DSA-2026-019: Security update for Dell ECS and ObjectScale Multiple Vulnerabilities

概要: Dell ECS and ObjectScale remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

この記事は次に適用されます: この記事は次には適用されません: この記事は、特定の製品に関連付けられていません。 すべての製品パージョンがこの記事に記載されているわけではありません。
他のリソースを確認する

影響

Critical

詳細

Third-party Component CVEs More Information
Apache MINA CVE-2024-52046 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Apache Parquet Avro CVE-2025-46762 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Dell BSAFE SSL‑J CVE-2022-34364, CVE-2023-28077 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Kernel-default CVE-2022-50253, CVE-2022-50482, CVE-2022-50497, CVE-2023-31248, CVE-2023-3772, CVE-2023-39197, CVE-2023-42752, CVE-2023-42753, CVE-2023-53147, CVE-2023-53148, CVE-2023-53167, CVE-2023-53170, CVE-2023-53174, CVE-2023-53179, CVE-2023-53181, CVE-2023-53184, CVE-2023-53187, CVE-2023-53189, CVE-2023-53195, CVE-2023-53204, CVE-2023-53206, CVE-2023-53207, CVE-2023-53210, CVE-2023-53215, CVE-2023-53217, CVE-2023-53221, CVE-2023-53235, CVE-2023-53238, CVE-2023-53243, CVE-2023-53255, CVE-2023-53260, CVE-2023-53261, CVE-2023-53272, CVE-2023-53288, CVE-2023-53291, CVE-2023-53292, CVE-2023-53303, CVE-2023-53304, CVE-2023-53312, CVE-2023-53331, CVE-2023-53333, CVE-2023-53336, CVE-2023-53338, CVE-2023-53339, CVE-2023-53342, CVE-2023-53343, CVE-2023-53350, CVE-2023-53354, CVE-2023-53360, CVE-2023-53364, CVE-2023-53367, CVE-2023-53368, CVE-2023-53369, CVE-2023-53371, CVE-2023-53379, CVE-2023-53385, CVE-2023-53391, CVE-2023-53394, CVE-2023-53395, CVE-2023-53397, CVE-2023-53401, CVE-2023-53421, CVE-2023-53426, CVE-2023-53429, CVE-2023-53432, CVE-2023-53436, CVE-2023-53441, CVE-2023-53442, CVE-2023-53444, CVE-2023-53446, CVE-2023-53448, CVE-2023-53454, CVE-2023-53456, CVE-2023-53461, CVE-2023-53462, CVE-2023-53463, CVE-2023-53472, CVE-2023-53479, CVE-2023-53480, CVE-2023-53490, CVE-2023-53491, CVE-2023-53492, CVE-2023-53493, CVE-2023-53495, CVE-2023-53496, CVE-2023-53507, CVE-2023-53508, CVE-2023-53510, CVE-2023-53515, CVE-2023-53518, CVE-2023-53526, CVE-2023-53527, CVE-2023-53538, CVE-2023-53543, CVE-2023-53546, CVE-2023-53555, CVE-2023-53557, CVE-2023-53558, CVE-2023-53577, CVE-2023-53580, CVE-2023-53581, CVE-2023-53585, CVE-2023-53596, CVE-2023-53600, CVE-2023-53601, CVE-2023-53611, CVE-2023-53613, CVE-2023-53618, CVE-2023-53621, CVE-2023-53633, CVE-2023-53638, CVE-2023-53645, CVE-2023-53649, CVE-2023-53652, CVE-2023-53653, CVE-2023-53656, CVE-2023-53657, CVE-2023-53660, CVE-2023-53665, CVE-2023-53672, CVE-2023-53676, CVE-2023-53686, CVE-2023-53697, CVE-2023-53698, CVE-2023-53727, CVE-2023-53728, CVE-2023-53731, CVE-2023-53733, CVE-2024-26584, CVE-2024-58090, CVE-2024-58240, CVE-2025-21710, CVE-2025-37916, CVE-2025-38008, CVE-2025-38119, CVE-2025-38234, CVE-2025-38402, CVE-2025-38408, CVE-2025-38418, CVE-2025-38419, CVE-2025-38456, CVE-2025-38465, CVE-2025-38466, CVE-2025-38514, CVE-2025-38526, CVE-2025-38533, CVE-2025-38544, CVE-2025-38552, CVE-2025-38556, CVE-2025-38574, CVE-2025-38584, CVE-2025-38590, CVE-2025-38614, CVE-2025-38616, CVE-2025-38622, CVE-2025-38623, CVE-2025-38639, CVE-2025-38640, CVE-2025-38645, CVE-2025-38653, CVE-2025-38668, CVE-2025-38678, CVE-2025-38679, CVE-2025-38684, CVE-2025-38687, CVE-2025-38691, CVE-2025-38695, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38702, CVE-2025-38709, CVE-2025-38718, CVE-2025-38721, CVE-2025-38722, CVE-2025-38725, CVE-2025-38727, CVE-2025-38730, CVE-2025-38732, CVE-2025-38735, CVE-2025-38736, CVE-2025-39673, CVE-2025-39676, CVE-2025-39677, CVE-2025-39682, CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686, CVE-2025-39701, CVE-2025-39702, CVE-2025-39706, CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39718, CVE-2025-39721, CVE-2025-39724, CVE-2025-39805, CVE-2025-39812, CVE-2025-39828, CVE-2025-39841, CVE-2025-39859, CVE-2025-39866, CVE-2025-39876, CVE-2025-39881, CVE-2025-39895, CVE-2025-39902, CVE-2025-39931, CVE-2025-39934, CVE-2025-39937, CVE-2025-39946, CVE-2025-39947, CVE-2025-39949, CVE-2025-39955, CVE-2025-39977, CVE-2025-39980, CVE-2025-39993, CVE-2025-39995, CVE-2025-40001, CVE-2025-40019, CVE-2025-40021, CVE-2025-40029, CVE-2025-40030, CVE-2025-40032, CVE-2025-40035, CVE-2025-40036, CVE-2025-40040, CVE-2025-40043, CVE-2025-40051, CVE-2025-40056, CVE-2025-40058, CVE-2025-40059, CVE-2025-40060, CVE-2025-40062, CVE-2025-40070, CVE-2025-40071, CVE-2025-40074, CVE-2025-40075, CVE-2025-40078, CVE-2025-40080, CVE-2025-40083, CVE-2025-40096, CVE-2025-40100, CVE-2025-40109, CVE-2025-40115, CVE-2025-40118, CVE-2025-40127, CVE-2025-40129, CVE-2025-40140, CVE-2025-40149, CVE-2025-40156, CVE-2025-40159, CVE-2025-40169, CVE-2025-40176, CVE-2025-40180, CVE-2025-40183, CVE-2025-40186, CVE-2025-40188, CVE-2025-40194, CVE-2025-40198, CVE-2025-40204, CVE-2025-40205, CVE-2025-40206, CVE-2025-40207 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
libxslt (EXSLT parser) CVE-2025-11731 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
MySQL Connector/J CVE-2023-22102 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Oracle Java SE CVE-2025-30754, CVE-2025-30761, CVE-2026-21925 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
wcurl CVE-2025-11563 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-40636 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker. 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-26946 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-35157 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution. 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-43992 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data in transit. 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-40636 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker. 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-26946 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-35157 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution. 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-43992 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data in transit. 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

デル・テクノロジーズでは、すべてのお客様に対して、CVSSベース スコアに加えて、特定のセキュリティの脆弱性に付随する潜在的な重要度に影響する可能性のある現状スコアや環境スコアも考慮することをお勧めしています。

影響を受ける製品と修復

Product Affected Versions Remediated Versions Link
Elastic Cloud Storage (ECS) Versions 3.8.1.0 through 3.8.1.7 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019
ObjectScale Versions prior to 4.3.0.0 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019

 

Product Affected Versions Remediated Versions Link
Elastic Cloud Storage (ECS) Versions 3.8.1.0 through 3.8.1.7 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019
ObjectScale Versions prior to 4.3.0.0 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019

 

Note: 

  1. To remediate vulnerabilities, customers running supported affected versions of ECS must upgrade to the latest ObjectScale release 4.3.0.0.
  2. Dell recommends all customers have their ObjectScale systems upgraded at the earliest opportunity by opening an “Operating Environment Upgrade” Service Request.
  3. Please visit the Security Update Release Schedule for Supported Versions of ObjectScale (formerly ECS) for more information.

回避策と緩和策

CVE ID Workaround and Mitigation
CVE-2026-40636 To mitigate this vulnerability, customers on all supported ECS or Objectscale versions, still using default credentials, can apply the password change procedure documented as a 'NOTE' under the ‘Default Node Users’ table in the Dell ObjectScale 4.3.0.0 Security Configuration Guide, without performing an upgrade.

 

変更履歴

RevisionDateDescription
1.02026-05-10Initial Release

 

関連情報

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法的免責事項

対象製品

ECS, ObjectScale, ECS Appliance, ECS Appliance Hardware Series, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ObjectScale Software with Encryption, ObjectScale Software without Encryption , ObjectScale Software Series ...
文書のプロパティ
文書番号: 000462117
文書の種類: Dell Security Advisory
最終更新: 10 5月 2026
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。