DSA-2026-019: Security update for Dell ECS and ObjectScale Multiple Vulnerabilities

Riepilogo: Dell ECS and ObjectScale remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Questo articolo si applica a Questo articolo non si applica a Questo articolo non è legato a un prodotto specifico. Non tutte le versioni del prodotto sono identificate in questo articolo.
Scopri le altre risorse

Impatto

Critical

Dettagli

Third-party Component CVEs More Information
Apache MINA CVE-2024-52046 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Apache Parquet Avro CVE-2025-46762 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Dell BSAFE SSL‑J CVE-2022-34364, CVE-2023-28077 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Kernel-default CVE-2022-50253, CVE-2022-50482, CVE-2022-50497, CVE-2023-31248, CVE-2023-3772, CVE-2023-39197, CVE-2023-42752, CVE-2023-42753, CVE-2023-53147, CVE-2023-53148, CVE-2023-53167, CVE-2023-53170, CVE-2023-53174, CVE-2023-53179, CVE-2023-53181, CVE-2023-53184, CVE-2023-53187, CVE-2023-53189, CVE-2023-53195, CVE-2023-53204, CVE-2023-53206, CVE-2023-53207, CVE-2023-53210, CVE-2023-53215, CVE-2023-53217, CVE-2023-53221, CVE-2023-53235, CVE-2023-53238, CVE-2023-53243, CVE-2023-53255, CVE-2023-53260, CVE-2023-53261, CVE-2023-53272, CVE-2023-53288, CVE-2023-53291, CVE-2023-53292, CVE-2023-53303, CVE-2023-53304, CVE-2023-53312, CVE-2023-53331, CVE-2023-53333, CVE-2023-53336, CVE-2023-53338, CVE-2023-53339, CVE-2023-53342, CVE-2023-53343, CVE-2023-53350, CVE-2023-53354, CVE-2023-53360, CVE-2023-53364, CVE-2023-53367, CVE-2023-53368, CVE-2023-53369, CVE-2023-53371, CVE-2023-53379, CVE-2023-53385, CVE-2023-53391, CVE-2023-53394, CVE-2023-53395, CVE-2023-53397, CVE-2023-53401, CVE-2023-53421, CVE-2023-53426, CVE-2023-53429, CVE-2023-53432, CVE-2023-53436, CVE-2023-53441, CVE-2023-53442, CVE-2023-53444, CVE-2023-53446, CVE-2023-53448, CVE-2023-53454, CVE-2023-53456, CVE-2023-53461, CVE-2023-53462, CVE-2023-53463, CVE-2023-53472, CVE-2023-53479, CVE-2023-53480, CVE-2023-53490, CVE-2023-53491, CVE-2023-53492, CVE-2023-53493, CVE-2023-53495, CVE-2023-53496, CVE-2023-53507, CVE-2023-53508, CVE-2023-53510, CVE-2023-53515, CVE-2023-53518, CVE-2023-53526, CVE-2023-53527, CVE-2023-53538, CVE-2023-53543, CVE-2023-53546, CVE-2023-53555, CVE-2023-53557, CVE-2023-53558, CVE-2023-53577, CVE-2023-53580, CVE-2023-53581, CVE-2023-53585, CVE-2023-53596, CVE-2023-53600, CVE-2023-53601, CVE-2023-53611, CVE-2023-53613, CVE-2023-53618, CVE-2023-53621, CVE-2023-53633, CVE-2023-53638, CVE-2023-53645, CVE-2023-53649, CVE-2023-53652, CVE-2023-53653, CVE-2023-53656, CVE-2023-53657, CVE-2023-53660, CVE-2023-53665, CVE-2023-53672, CVE-2023-53676, CVE-2023-53686, CVE-2023-53697, CVE-2023-53698, CVE-2023-53727, CVE-2023-53728, CVE-2023-53731, CVE-2023-53733, CVE-2024-26584, CVE-2024-58090, CVE-2024-58240, CVE-2025-21710, CVE-2025-37916, CVE-2025-38008, CVE-2025-38119, CVE-2025-38234, CVE-2025-38402, CVE-2025-38408, CVE-2025-38418, CVE-2025-38419, CVE-2025-38456, CVE-2025-38465, CVE-2025-38466, CVE-2025-38514, CVE-2025-38526, CVE-2025-38533, CVE-2025-38544, CVE-2025-38552, CVE-2025-38556, CVE-2025-38574, CVE-2025-38584, CVE-2025-38590, CVE-2025-38614, CVE-2025-38616, CVE-2025-38622, CVE-2025-38623, CVE-2025-38639, CVE-2025-38640, CVE-2025-38645, CVE-2025-38653, CVE-2025-38668, CVE-2025-38678, CVE-2025-38679, CVE-2025-38684, CVE-2025-38687, CVE-2025-38691, CVE-2025-38695, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38702, CVE-2025-38709, CVE-2025-38718, CVE-2025-38721, CVE-2025-38722, CVE-2025-38725, CVE-2025-38727, CVE-2025-38730, CVE-2025-38732, CVE-2025-38735, CVE-2025-38736, CVE-2025-39673, CVE-2025-39676, CVE-2025-39677, CVE-2025-39682, CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686, CVE-2025-39701, CVE-2025-39702, CVE-2025-39706, CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39718, CVE-2025-39721, CVE-2025-39724, CVE-2025-39805, CVE-2025-39812, CVE-2025-39828, CVE-2025-39841, CVE-2025-39859, CVE-2025-39866, CVE-2025-39876, CVE-2025-39881, CVE-2025-39895, CVE-2025-39902, CVE-2025-39931, CVE-2025-39934, CVE-2025-39937, CVE-2025-39946, CVE-2025-39947, CVE-2025-39949, CVE-2025-39955, CVE-2025-39977, CVE-2025-39980, CVE-2025-39993, CVE-2025-39995, CVE-2025-40001, CVE-2025-40019, CVE-2025-40021, CVE-2025-40029, CVE-2025-40030, CVE-2025-40032, CVE-2025-40035, CVE-2025-40036, CVE-2025-40040, CVE-2025-40043, CVE-2025-40051, CVE-2025-40056, CVE-2025-40058, CVE-2025-40059, CVE-2025-40060, CVE-2025-40062, CVE-2025-40070, CVE-2025-40071, CVE-2025-40074, CVE-2025-40075, CVE-2025-40078, CVE-2025-40080, CVE-2025-40083, CVE-2025-40096, CVE-2025-40100, CVE-2025-40109, CVE-2025-40115, CVE-2025-40118, CVE-2025-40127, CVE-2025-40129, CVE-2025-40140, CVE-2025-40149, CVE-2025-40156, CVE-2025-40159, CVE-2025-40169, CVE-2025-40176, CVE-2025-40180, CVE-2025-40183, CVE-2025-40186, CVE-2025-40188, CVE-2025-40194, CVE-2025-40198, CVE-2025-40204, CVE-2025-40205, CVE-2025-40206, CVE-2025-40207 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
libxslt (EXSLT parser) CVE-2025-11731 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
MySQL Connector/J CVE-2023-22102 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Oracle Java SE CVE-2025-30754, CVE-2025-30761, CVE-2026-21925 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
wcurl CVE-2025-11563 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-40636 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker. 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-26946 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-35157 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution. 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-43992 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data in transit. 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-40636 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker. 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-26946 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-35157 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution. 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-43992 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data in transit. 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies raccomanda a tutti i clienti di prendere in considerazione sia il punteggio base CVSS, sia ogni eventuale punteggio temporale o ambientale che possa avere effetti sul livello di gravità potenziale associato a una specifica vulnerabilità di sicurezza.

Prodotti interessati e correzione

Product Affected Versions Remediated Versions Link
Elastic Cloud Storage (ECS) Versions 3.8.1.0 through 3.8.1.7 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019
ObjectScale Versions prior to 4.3.0.0 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019

 

Product Affected Versions Remediated Versions Link
Elastic Cloud Storage (ECS) Versions 3.8.1.0 through 3.8.1.7 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019
ObjectScale Versions prior to 4.3.0.0 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019

 

Note: 

  1. To remediate vulnerabilities, customers running supported affected versions of ECS must upgrade to the latest ObjectScale release 4.3.0.0.
  2. Dell recommends all customers have their ObjectScale systems upgraded at the earliest opportunity by opening an “Operating Environment Upgrade” Service Request.
  3. Please visit the Security Update Release Schedule for Supported Versions of ObjectScale (formerly ECS) for more information.

Soluzioni alternative e mitigazioni

CVE ID Workaround and Mitigation
CVE-2026-40636 To mitigate this vulnerability, customers on all supported ECS or Objectscale versions, still using default credentials, can apply the password change procedure documented as a 'NOTE' under the ‘Default Node Users’ table in the Dell ObjectScale 4.3.0.0 Security Configuration Guide, without performing an upgrade.

 

Cronologia delle revisioni

RevisionDateDescription
1.02026-05-10Initial Release

 

Informazioni correlate

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Dichiarazione di non responsabilità

Prodotti interessati

ECS, ObjectScale, ECS Appliance, ECS Appliance Hardware Series, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ObjectScale Software with Encryption, ObjectScale Software without Encryption , ObjectScale Software Series ...
Proprietà dell'articolo
Numero articolo: 000462117
Tipo di articolo: Dell Security Advisory
Ultima modifica: 10 mag 2026
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.