Description
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0 contain a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for the attacker.
Published: 2026-05-11
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is due to the use of hard‑coded credentials in Dell ECS and ObjectScale, allowing an unauthenticated attacker who has local access to read or modify the filesystem. This flaw aligns with CWE‑798 and can be leveraged to gain unauthorized local access to system files.

Affected Systems

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions earlier than 4.3.0.0 are affected. These products run on Dell hardware in enterprise storage environments.

Risk and Exploitability

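The CVSS score of 9.8 signals a critical risk level, while the EPSS score of less than 1% indicates a very low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires only local presence on the machine; no remote authentication or network access is needed. Note that the recorded CVSS 3.1 vector specifies a network attack vector (AV:N), which differs from the local access stated in the description; account for both readings when prioritizing.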

Generated by OpenCVE AI on May 11, 2026 at 17:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dell ECS and ObjectScale to the latest firmware versions that resolve hard‑coded credential usage, following Dell’s security update procedures.
  • Ensure that the system administration credentials are secured and not embedded in configuration files or code.
  • If an immediate upgrade is not feasible, restrict local user privileges, isolate the asset from critical data, and monitor file activity for suspicious access.



Advisories

No advisories yet.

History

Tue, 12 May 2026 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Dell elastic Cloud Storage |
| CPEs | | cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*, cpe:2.3:a:dell:objectscale:*:*:*:*:*:*:*:* |
| Vendors & Products | | Dell elastic Cloud Storage |

Tue, 12 May 2026 10:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Dell, Dell ecs, Dell objectscale |
| Vendors & Products | | Dell, Dell ecs, Dell objectscale |

Mon, 11 May 2026 18:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Use of Hard‑Coded Credentials in Dell ECS and ObjectScale Allows Local File System Access |

Mon, 11 May 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0 contain a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for the attacker. |
| Weaknesses | | CWE-798 |
| References | | |
| Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-05-12T03:55:17.566Z

Reserved: 2026-04-14T16:10:47.675Z

Link: CVE-2026-40636

Vulnrichment

Updated: 2026-05-11T12:44:21.061Z

NVD

Status : Analyzed

Published: 2026-05-11T10:16:13.623

Modified: 2026-05-12T17:19:01.577

Link: CVE-2026-40636

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T09:23:23Z
