Threat Advisory

Dell ECS Vulnerability Exposes Hard-Coded Credentials

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in Dell's Elastic Cloud Storage (ECS) and ObjectScale platforms. The affected products and software versions include Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale, all versions prior to 4.3.0.0. The identified vulnerabilities are a mix of privilege elevation, remote execution, and data interception. An attacker could compromise systems, gain unauthorized data access, or elevate their privileges. This poses a significant business risk, as sensitive data could be compromised, and system integrity could be severely impacted. Customers are strongly advised to take immediate action to mitigate these vulnerabilities.

  • CVE-2026-40636 with a CVSS score of 9.8 is a use of hard-coded credentials vulnerability that could allow an unauthenticated attacker with local access to gain filesystem access on affected Dell ECS and ObjectScale systems.
  • CVE-2026-26946 with a CVSS score of 6.7 is an improper privilege management vulnerability in the operating system that could allow a high privileged attacker with local access to elevate privileges.
  • CVE-2026-35157 with a CVSS score of 5.8 is an improper neutralization of formula elements in a CSV file vulnerability in the UI that could allow remote code execution through malicious CSV content.
  • CVE-2025-43992 with a CVSS score of 5.6 is an authentication bypass vulnerability in Geo replication that could allow unauthorized access to data in transit.

The identified vulnerabilities pose a significant risk to customers using Dell ECS and ObjectScale. If exploited, these flaws could lead to unauthorized data access, system compromise, and privilege elevation. Dell strongly recommends that all customers transition to ObjectScale release 4.3.0.0 or later to fully remediate these flaws. The business consequences of exploitation could be severe, including data breaches, system downtime, and reputational damage.

RECOMMENDATION:

  • We recommend updating Dell ObjectScale to version 4.3.0.0 or later.

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/dell-ecs-objectscale-security-update-cve-2026-40636/
