HIGH✓ PATCH🇬🇧 English

CVE-2026-28261

CVSS 7.8v3.1pub. 2026-04-08upd. 2026-04-13

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Dell Elastic Cloud Storage

    APP
    Dell
    < 4.2.0.1
  • Dell Objectscale

    APP
    Dell
    4.2.0.0< 4.1.0.3
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2026-40636CRITICAL9.8PL ✓ten sam produkt

Dell ECS / ObjectScale — podatność hard-coded credentials umożliwiająca dostęp do systemu plików

CVE-2017-8021CRITICAL9.8ten sam produkt

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could pot...

CVE-2026-22273HIGH8.8ten sam produkt

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of...

CVE-2026-22271HIGH7.5ten sam produkt

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Clearte...

CVE-2025-26476HIGH8.4ten sam produkt

Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key...

CVE-2026-28261 — HIGH 7.8 | CVEbaza.pl