DSA-2026-019: Security update for Dell ECS and ObjectScale Multiple Vulnerabilities

Samenvatting: Dell ECS and ObjectScale remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Dit artikel is van toepassing op Dit artikel is niet van toepassing op Dit artikel is niet gebonden aan een specifiek product. Niet alle productversies worden in dit artikel vermeld.
Bekijk andere hulpbronnen

Impact

Critical

Gegevens

Third-party Component CVEs More Information
Apache MINA CVE-2024-52046 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Apache Parquet Avro CVE-2025-46762 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Dell BSAFE SSL‑J CVE-2022-34364, CVE-2023-28077 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Kernel-default CVE-2022-50253, CVE-2022-50482, CVE-2022-50497, CVE-2023-31248, CVE-2023-3772, CVE-2023-39197, CVE-2023-42752, CVE-2023-42753, CVE-2023-53147, CVE-2023-53148, CVE-2023-53167, CVE-2023-53170, CVE-2023-53174, CVE-2023-53179, CVE-2023-53181, CVE-2023-53184, CVE-2023-53187, CVE-2023-53189, CVE-2023-53195, CVE-2023-53204, CVE-2023-53206, CVE-2023-53207, CVE-2023-53210, CVE-2023-53215, CVE-2023-53217, CVE-2023-53221, CVE-2023-53235, CVE-2023-53238, CVE-2023-53243, CVE-2023-53255, CVE-2023-53260, CVE-2023-53261, CVE-2023-53272, CVE-2023-53288, CVE-2023-53291, CVE-2023-53292, CVE-2023-53303, CVE-2023-53304, CVE-2023-53312, CVE-2023-53331, CVE-2023-53333, CVE-2023-53336, CVE-2023-53338, CVE-2023-53339, CVE-2023-53342, CVE-2023-53343, CVE-2023-53350, CVE-2023-53354, CVE-2023-53360, CVE-2023-53364, CVE-2023-53367, CVE-2023-53368, CVE-2023-53369, CVE-2023-53371, CVE-2023-53379, CVE-2023-53385, CVE-2023-53391, CVE-2023-53394, CVE-2023-53395, CVE-2023-53397, CVE-2023-53401, CVE-2023-53421, CVE-2023-53426, CVE-2023-53429, CVE-2023-53432, CVE-2023-53436, CVE-2023-53441, CVE-2023-53442, CVE-2023-53444, CVE-2023-53446, CVE-2023-53448, CVE-2023-53454, CVE-2023-53456, CVE-2023-53461, CVE-2023-53462, CVE-2023-53463, CVE-2023-53472, CVE-2023-53479, CVE-2023-53480, CVE-2023-53490, CVE-2023-53491, CVE-2023-53492, CVE-2023-53493, CVE-2023-53495, CVE-2023-53496, CVE-2023-53507, CVE-2023-53508, CVE-2023-53510, CVE-2023-53515, CVE-2023-53518, CVE-2023-53526, CVE-2023-53527, CVE-2023-53538, CVE-2023-53543, CVE-2023-53546, CVE-2023-53555, CVE-2023-53557, CVE-2023-53558, CVE-2023-53577, CVE-2023-53580, CVE-2023-53581, CVE-2023-53585, CVE-2023-53596, CVE-2023-53600, CVE-2023-53601, CVE-2023-53611, CVE-2023-53613, CVE-2023-53618, CVE-2023-53621, CVE-2023-53633, CVE-2023-53638, CVE-2023-53645, CVE-2023-53649, CVE-2023-53652, CVE-2023-53653, CVE-2023-53656, CVE-2023-53657, CVE-2023-53660, CVE-2023-53665, CVE-2023-53672, CVE-2023-53676, CVE-2023-53686, CVE-2023-53697, CVE-2023-53698, CVE-2023-53727, CVE-2023-53728, CVE-2023-53731, CVE-2023-53733, CVE-2024-26584, CVE-2024-58090, CVE-2024-58240, CVE-2025-21710, CVE-2025-37916, CVE-2025-38008, CVE-2025-38119, CVE-2025-38234, CVE-2025-38402, CVE-2025-38408, CVE-2025-38418, CVE-2025-38419, CVE-2025-38456, CVE-2025-38465, CVE-2025-38466, CVE-2025-38514, CVE-2025-38526, CVE-2025-38533, CVE-2025-38544, CVE-2025-38552, CVE-2025-38556, CVE-2025-38574, CVE-2025-38584, CVE-2025-38590, CVE-2025-38614, CVE-2025-38616, CVE-2025-38622, CVE-2025-38623, CVE-2025-38639, CVE-2025-38640, CVE-2025-38645, CVE-2025-38653, CVE-2025-38668, CVE-2025-38678, CVE-2025-38679, CVE-2025-38684, CVE-2025-38687, CVE-2025-38691, CVE-2025-38695, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38702, CVE-2025-38709, CVE-2025-38718, CVE-2025-38721, CVE-2025-38722, CVE-2025-38725, CVE-2025-38727, CVE-2025-38730, CVE-2025-38732, CVE-2025-38735, CVE-2025-38736, CVE-2025-39673, CVE-2025-39676, CVE-2025-39677, CVE-2025-39682, CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686, CVE-2025-39701, CVE-2025-39702, CVE-2025-39706, CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39718, CVE-2025-39721, CVE-2025-39724, CVE-2025-39805, CVE-2025-39812, CVE-2025-39828, CVE-2025-39841, CVE-2025-39859, CVE-2025-39866, CVE-2025-39876, CVE-2025-39881, CVE-2025-39895, CVE-2025-39902, CVE-2025-39931, CVE-2025-39934, CVE-2025-39937, CVE-2025-39946, CVE-2025-39947, CVE-2025-39949, CVE-2025-39955, CVE-2025-39977, CVE-2025-39980, CVE-2025-39993, CVE-2025-39995, CVE-2025-40001, CVE-2025-40019, CVE-2025-40021, CVE-2025-40029, CVE-2025-40030, CVE-2025-40032, CVE-2025-40035, CVE-2025-40036, CVE-2025-40040, CVE-2025-40043, CVE-2025-40051, CVE-2025-40056, CVE-2025-40058, CVE-2025-40059, CVE-2025-40060, CVE-2025-40062, CVE-2025-40070, CVE-2025-40071, CVE-2025-40074, CVE-2025-40075, CVE-2025-40078, CVE-2025-40080, CVE-2025-40083, CVE-2025-40096, CVE-2025-40100, CVE-2025-40109, CVE-2025-40115, CVE-2025-40118, CVE-2025-40127, CVE-2025-40129, CVE-2025-40140, CVE-2025-40149, CVE-2025-40156, CVE-2025-40159, CVE-2025-40169, CVE-2025-40176, CVE-2025-40180, CVE-2025-40183, CVE-2025-40186, CVE-2025-40188, CVE-2025-40194, CVE-2025-40198, CVE-2025-40204, CVE-2025-40205, CVE-2025-40206, CVE-2025-40207 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
libxslt (EXSLT parser) CVE-2025-11731 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
MySQL Connector/J CVE-2023-22102 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Oracle Java SE CVE-2025-30754, CVE-2025-30761, CVE-2026-21925 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
wcurl CVE-2025-11563 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-40636 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker. 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-26946 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-35157 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution. 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-43992 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data in transit. 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-40636 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker. 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-26946 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-35157 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution. 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-43992 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data in transit. 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

Product Affected Versions Remediated Versions Link
Elastic Cloud Storage (ECS) Versions 3.8.1.0 through 3.8.1.7 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019
ObjectScale Versions prior to 4.3.0.0 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019

 

Product Affected Versions Remediated Versions Link
Elastic Cloud Storage (ECS) Versions 3.8.1.0 through 3.8.1.7 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019
ObjectScale Versions prior to 4.3.0.0 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019

 

Note: 

  1. To remediate vulnerabilities, customers running supported affected versions of ECS must upgrade to the latest ObjectScale release 4.3.0.0.
  2. Dell recommends all customers have their ObjectScale systems upgraded at the earliest opportunity by opening an “Operating Environment Upgrade” Service Request.
  3. Please visit the Security Update Release Schedule for Supported Versions of ObjectScale (formerly ECS) for more information.

Tijdelijke oplossingen en risicobeperking

CVE ID Workaround and Mitigation
CVE-2026-40636 To mitigate this vulnerability, customers on all supported ECS or Objectscale versions, still using default credentials, can apply the password change procedure documented as a 'NOTE' under the ‘Default Node Users’ table in the Dell ObjectScale 4.3.0.0 Security Configuration Guide, without performing an upgrade.

 

Revisiegeschiedenis

RevisionDateDescription
1.02026-05-10Initial Release

 

Verwante informatie

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Juridische verklaring van afstand

Getroffen producten

ECS, ObjectScale, ECS Appliance, ECS Appliance Hardware Series, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ObjectScale Software with Encryption, ObjectScale Software without Encryption , ObjectScale Software Series ...
Artikeleigenschappen
Artikelnummer: 000462117
Artikeltype: Dell Security Advisory
Laatst aangepast: 10 mei 2026
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.