CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2026-40636

CVSS 9.8v3.1pub. 2026-05-11upd. 2026-05-12

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker.

🤖 AI Analysis
How it works

The vendor hard-coded authentication credentials (e.g., password or key) directly into the software without the ability for administrators to change them. An attacker with local access to the system can use these known credentials to authenticate to the component without possessing legitimate permissions. As a result, they gain access to the device's file system, bypassing standard access control mechanisms.

Impact

An attacker can gain unauthorized access to the file system, which may lead to reading sensitive data, modifying configuration files, or compromising the integrity and confidentiality of stored data.

Mitigation & patch

Dell ECS must be updated to a version higher than 3.8.1.7 and Dell ObjectScale to version 4.3.0.0 or newer in accordance with vendor recommendations described in bulletin DSA-2026-047 available at: https://www.dell.com/support/kbdoc/en-us/000462117/

Who is affected

Dell ECS in versions 3.8.1.0 through 3.8.1.7 inclusive and Dell ObjectScale in versions prior to 4.3.0.0.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dell Elastic Cloud Storage

    APP
    Dell
    3.8.1.0 – 4.3.0.0 (bez)
  • Dell Objectscale

    APP
    Dell
    < 4.3.0.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2017-8021CRITICAL9.8ten sam produkt

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could pot...

CVE-2026-28261HIGH7.8ten sam produkt

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and ver...

CVE-2026-22273HIGH8.8ten sam produkt

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of...

CVE-2026-22271HIGH7.5ten sam produkt

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Clearte...

CVE-2025-26476HIGH8.4ten sam produkt

Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key...