DSA-2026-019: Security update for Dell ECS and ObjectScale Multiple Vulnerabilities

Oversigt: Dell ECS and ObjectScale remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Denne artikel gælder for Denne artikel gælder ikke for Denne artikel er ikke knyttet til et bestemt produkt. Det er ikke alle produktversioner, der er identificeret i denne artikel.
Udforsk andre ressourcer

Virkning

Critical

Oplysninger

Third-party Component CVEs More Information
Apache MINA CVE-2024-52046 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Apache Parquet Avro CVE-2025-46762 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Dell BSAFE SSL‑J CVE-2022-34364, CVE-2023-28077 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Kernel-default CVE-2022-50253, CVE-2022-50482, CVE-2022-50497, CVE-2023-31248, CVE-2023-3772, CVE-2023-39197, CVE-2023-42752, CVE-2023-42753, CVE-2023-53147, CVE-2023-53148, CVE-2023-53167, CVE-2023-53170, CVE-2023-53174, CVE-2023-53179, CVE-2023-53181, CVE-2023-53184, CVE-2023-53187, CVE-2023-53189, CVE-2023-53195, CVE-2023-53204, CVE-2023-53206, CVE-2023-53207, CVE-2023-53210, CVE-2023-53215, CVE-2023-53217, CVE-2023-53221, CVE-2023-53235, CVE-2023-53238, CVE-2023-53243, CVE-2023-53255, CVE-2023-53260, CVE-2023-53261, CVE-2023-53272, CVE-2023-53288, CVE-2023-53291, CVE-2023-53292, CVE-2023-53303, CVE-2023-53304, CVE-2023-53312, CVE-2023-53331, CVE-2023-53333, CVE-2023-53336, CVE-2023-53338, CVE-2023-53339, CVE-2023-53342, CVE-2023-53343, CVE-2023-53350, CVE-2023-53354, CVE-2023-53360, CVE-2023-53364, CVE-2023-53367, CVE-2023-53368, CVE-2023-53369, CVE-2023-53371, CVE-2023-53379, CVE-2023-53385, CVE-2023-53391, CVE-2023-53394, CVE-2023-53395, CVE-2023-53397, CVE-2023-53401, CVE-2023-53421, CVE-2023-53426, CVE-2023-53429, CVE-2023-53432, CVE-2023-53436, CVE-2023-53441, CVE-2023-53442, CVE-2023-53444, CVE-2023-53446, CVE-2023-53448, CVE-2023-53454, CVE-2023-53456, CVE-2023-53461, CVE-2023-53462, CVE-2023-53463, CVE-2023-53472, CVE-2023-53479, CVE-2023-53480, CVE-2023-53490, CVE-2023-53491, CVE-2023-53492, CVE-2023-53493, CVE-2023-53495, CVE-2023-53496, CVE-2023-53507, CVE-2023-53508, CVE-2023-53510, CVE-2023-53515, CVE-2023-53518, CVE-2023-53526, CVE-2023-53527, CVE-2023-53538, CVE-2023-53543, CVE-2023-53546, CVE-2023-53555, CVE-2023-53557, CVE-2023-53558, CVE-2023-53577, CVE-2023-53580, CVE-2023-53581, CVE-2023-53585, CVE-2023-53596, CVE-2023-53600, CVE-2023-53601, CVE-2023-53611, CVE-2023-53613, CVE-2023-53618, CVE-2023-53621, CVE-2023-53633, CVE-2023-53638, CVE-2023-53645, CVE-2023-53649, CVE-2023-53652, CVE-2023-53653, CVE-2023-53656, CVE-2023-53657, CVE-2023-53660, CVE-2023-53665, CVE-2023-53672, CVE-2023-53676, CVE-2023-53686, CVE-2023-53697, CVE-2023-53698, CVE-2023-53727, CVE-2023-53728, CVE-2023-53731, CVE-2023-53733, CVE-2024-26584, CVE-2024-58090, CVE-2024-58240, CVE-2025-21710, CVE-2025-37916, CVE-2025-38008, CVE-2025-38119, CVE-2025-38234, CVE-2025-38402, CVE-2025-38408, CVE-2025-38418, CVE-2025-38419, CVE-2025-38456, CVE-2025-38465, CVE-2025-38466, CVE-2025-38514, CVE-2025-38526, CVE-2025-38533, CVE-2025-38544, CVE-2025-38552, CVE-2025-38556, CVE-2025-38574, CVE-2025-38584, CVE-2025-38590, CVE-2025-38614, CVE-2025-38616, CVE-2025-38622, CVE-2025-38623, CVE-2025-38639, CVE-2025-38640, CVE-2025-38645, CVE-2025-38653, CVE-2025-38668, CVE-2025-38678, CVE-2025-38679, CVE-2025-38684, CVE-2025-38687, CVE-2025-38691, CVE-2025-38695, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38702, CVE-2025-38709, CVE-2025-38718, CVE-2025-38721, CVE-2025-38722, CVE-2025-38725, CVE-2025-38727, CVE-2025-38730, CVE-2025-38732, CVE-2025-38735, CVE-2025-38736, CVE-2025-39673, CVE-2025-39676, CVE-2025-39677, CVE-2025-39682, CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686, CVE-2025-39701, CVE-2025-39702, CVE-2025-39706, CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39718, CVE-2025-39721, CVE-2025-39724, CVE-2025-39805, CVE-2025-39812, CVE-2025-39828, CVE-2025-39841, CVE-2025-39859, CVE-2025-39866, CVE-2025-39876, CVE-2025-39881, CVE-2025-39895, CVE-2025-39902, CVE-2025-39931, CVE-2025-39934, CVE-2025-39937, CVE-2025-39946, CVE-2025-39947, CVE-2025-39949, CVE-2025-39955, CVE-2025-39977, CVE-2025-39980, CVE-2025-39993, CVE-2025-39995, CVE-2025-40001, CVE-2025-40019, CVE-2025-40021, CVE-2025-40029, CVE-2025-40030, CVE-2025-40032, CVE-2025-40035, CVE-2025-40036, CVE-2025-40040, CVE-2025-40043, CVE-2025-40051, CVE-2025-40056, CVE-2025-40058, CVE-2025-40059, CVE-2025-40060, CVE-2025-40062, CVE-2025-40070, CVE-2025-40071, CVE-2025-40074, CVE-2025-40075, CVE-2025-40078, CVE-2025-40080, CVE-2025-40083, CVE-2025-40096, CVE-2025-40100, CVE-2025-40109, CVE-2025-40115, CVE-2025-40118, CVE-2025-40127, CVE-2025-40129, CVE-2025-40140, CVE-2025-40149, CVE-2025-40156, CVE-2025-40159, CVE-2025-40169, CVE-2025-40176, CVE-2025-40180, CVE-2025-40183, CVE-2025-40186, CVE-2025-40188, CVE-2025-40194, CVE-2025-40198, CVE-2025-40204, CVE-2025-40205, CVE-2025-40206, CVE-2025-40207 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
libxslt (EXSLT parser) CVE-2025-11731 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
MySQL Connector/J CVE-2023-22102 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Oracle Java SE CVE-2025-30754, CVE-2025-30761, CVE-2026-21925 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
wcurl CVE-2025-11563 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-40636 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker. 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-26946 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-35157 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution. 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-43992 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data in transit. 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-40636 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker. 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-26946 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-35157 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution. 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-43992 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data in transit. 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies anbefaler, at alle kunder tager hensyn til både CVSS-basisresultatet og alle relevante tidsmæssige og miljømæssige resultater, som kan have betydning for den potentielle alvorsgrad, der er forbundet med en bestemt sikkerhedsrisiko.

Berørte produkter og udbedring

Product Affected Versions Remediated Versions Link
Elastic Cloud Storage (ECS) Versions 3.8.1.0 through 3.8.1.7 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019
ObjectScale Versions prior to 4.3.0.0 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019

 

Product Affected Versions Remediated Versions Link
Elastic Cloud Storage (ECS) Versions 3.8.1.0 through 3.8.1.7 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019
ObjectScale Versions prior to 4.3.0.0 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019

 

Note: 

  1. To remediate vulnerabilities, customers running supported affected versions of ECS must upgrade to the latest ObjectScale release 4.3.0.0.
  2. Dell recommends all customers have their ObjectScale systems upgraded at the earliest opportunity by opening an “Operating Environment Upgrade” Service Request.
  3. Please visit the Security Update Release Schedule for Supported Versions of ObjectScale (formerly ECS) for more information.

Løsninger og afhjælpninger

CVE ID Workaround and Mitigation
CVE-2026-40636 To mitigate this vulnerability, customers on all supported ECS or Objectscale versions, still using default credentials, can apply the password change procedure documented as a 'NOTE' under the ‘Default Node Users’ table in the Dell ObjectScale 4.3.0.0 Security Configuration Guide, without performing an upgrade.

 

Revisionshistorik

RevisionDateDescription
1.02026-05-10Initial Release

 

Relaterede oplysninger

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Ansvarsfraskrivelse

Berørte produkter

ECS, ObjectScale, ECS Appliance, ECS Appliance Hardware Series, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ObjectScale Software with Encryption, ObjectScale Software without Encryption , ObjectScale Software Series ...
Artikelegenskaber
Artikelnummer: 000462117
Artikeltype: Dell Security Advisory
Senest ændret: 10 maj 2026
Find svar på dine spørgsmål fra andre Dell-brugere
Supportservices
Kontrollér, om din enhed er dækket af supportservices.