DSA-2026-019: Security update for Dell ECS and ObjectScale Multiple Vulnerabilities

Summary: Dell ECS and ObjectScale remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Third-party Component CVEs More Information
Apache MINA CVE-2024-52046 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Apache Parquet Avro CVE-2025-46762 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Dell BSAFE SSL‑J CVE-2022-34364, CVE-2023-28077 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Kernel-default CVE-2022-50253, CVE-2022-50482, CVE-2022-50497, CVE-2023-31248, CVE-2023-3772, CVE-2023-39197, CVE-2023-42752, CVE-2023-42753, CVE-2023-53147, CVE-2023-53148, CVE-2023-53167, CVE-2023-53170, CVE-2023-53174, CVE-2023-53179, CVE-2023-53181, CVE-2023-53184, CVE-2023-53187, CVE-2023-53189, CVE-2023-53195, CVE-2023-53204, CVE-2023-53206, CVE-2023-53207, CVE-2023-53210, CVE-2023-53215, CVE-2023-53217, CVE-2023-53221, CVE-2023-53235, CVE-2023-53238, CVE-2023-53243, CVE-2023-53255, CVE-2023-53260, CVE-2023-53261, CVE-2023-53272, CVE-2023-53288, CVE-2023-53291, CVE-2023-53292, CVE-2023-53303, CVE-2023-53304, CVE-2023-53312, CVE-2023-53331, CVE-2023-53333, CVE-2023-53336, CVE-2023-53338, CVE-2023-53339, CVE-2023-53342, CVE-2023-53343, CVE-2023-53350, CVE-2023-53354, CVE-2023-53360, CVE-2023-53364, CVE-2023-53367, CVE-2023-53368, CVE-2023-53369, CVE-2023-53371, CVE-2023-53379, CVE-2023-53385, CVE-2023-53391, CVE-2023-53394, CVE-2023-53395, CVE-2023-53397, CVE-2023-53401, CVE-2023-53421, CVE-2023-53426, CVE-2023-53429, CVE-2023-53432, CVE-2023-53436, CVE-2023-53441, CVE-2023-53442, CVE-2023-53444, CVE-2023-53446, CVE-2023-53448, CVE-2023-53454, CVE-2023-53456, CVE-2023-53461, CVE-2023-53462, CVE-2023-53463, CVE-2023-53472, CVE-2023-53479, CVE-2023-53480, CVE-2023-53490, CVE-2023-53491, CVE-2023-53492, CVE-2023-53493, CVE-2023-53495, CVE-2023-53496, CVE-2023-53507, CVE-2023-53508, CVE-2023-53510, CVE-2023-53515, CVE-2023-53518, CVE-2023-53526, CVE-2023-53527, CVE-2023-53538, CVE-2023-53543, CVE-2023-53546, CVE-2023-53555, CVE-2023-53557, CVE-2023-53558, CVE-2023-53577, CVE-2023-53580, CVE-2023-53581, CVE-2023-53585, CVE-2023-53596, CVE-2023-53600, CVE-2023-53601, CVE-2023-53611, CVE-2023-53613, CVE-2023-53618, CVE-2023-53621, CVE-2023-53633, CVE-2023-53638, CVE-2023-53645, CVE-2023-53649, CVE-2023-53652, CVE-2023-53653, CVE-2023-53656, CVE-2023-53657, CVE-2023-53660, CVE-2023-53665, CVE-2023-53672, CVE-2023-53676, CVE-2023-53686, CVE-2023-53697, CVE-2023-53698, CVE-2023-53727, CVE-2023-53728, CVE-2023-53731, CVE-2023-53733, CVE-2024-26584, CVE-2024-58090, CVE-2024-58240, CVE-2025-21710, CVE-2025-37916, CVE-2025-38008, CVE-2025-38119, CVE-2025-38234, CVE-2025-38402, CVE-2025-38408, CVE-2025-38418, CVE-2025-38419, CVE-2025-38456, CVE-2025-38465, CVE-2025-38466, CVE-2025-38514, CVE-2025-38526, CVE-2025-38533, CVE-2025-38544, CVE-2025-38552, CVE-2025-38556, CVE-2025-38574, CVE-2025-38584, CVE-2025-38590, CVE-2025-38614, CVE-2025-38616, CVE-2025-38622, CVE-2025-38623, CVE-2025-38639, CVE-2025-38640, CVE-2025-38645, CVE-2025-38653, CVE-2025-38668, CVE-2025-38678, CVE-2025-38679, CVE-2025-38684, CVE-2025-38687, CVE-2025-38691, CVE-2025-38695, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38702, CVE-2025-38709, CVE-2025-38718, CVE-2025-38721, CVE-2025-38722, CVE-2025-38725, CVE-2025-38727, CVE-2025-38730, CVE-2025-38732, CVE-2025-38735, CVE-2025-38736, CVE-2025-39673, CVE-2025-39676, CVE-2025-39677, CVE-2025-39682, CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686, CVE-2025-39701, CVE-2025-39702, CVE-2025-39706, CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39718, CVE-2025-39721, CVE-2025-39724, CVE-2025-39805, CVE-2025-39812, CVE-2025-39828, CVE-2025-39841, CVE-2025-39859, CVE-2025-39866, CVE-2025-39876, CVE-2025-39881, CVE-2025-39895, CVE-2025-39902, CVE-2025-39931, CVE-2025-39934, CVE-2025-39937, CVE-2025-39946, CVE-2025-39947, CVE-2025-39949, CVE-2025-39955, CVE-2025-39977, CVE-2025-39980, CVE-2025-39993, CVE-2025-39995, CVE-2025-40001, CVE-2025-40019, CVE-2025-40021, CVE-2025-40029, CVE-2025-40030, CVE-2025-40032, CVE-2025-40035, CVE-2025-40036, CVE-2025-40040, CVE-2025-40043, CVE-2025-40051, CVE-2025-40056, CVE-2025-40058, CVE-2025-40059, CVE-2025-40060, CVE-2025-40062, CVE-2025-40070, CVE-2025-40071, CVE-2025-40074, CVE-2025-40075, CVE-2025-40078, CVE-2025-40080, CVE-2025-40083, CVE-2025-40096, CVE-2025-40100, CVE-2025-40109, CVE-2025-40115, CVE-2025-40118, CVE-2025-40127, CVE-2025-40129, CVE-2025-40140, CVE-2025-40149, CVE-2025-40156, CVE-2025-40159, CVE-2025-40169, CVE-2025-40176, CVE-2025-40180, CVE-2025-40183, CVE-2025-40186, CVE-2025-40188, CVE-2025-40194, CVE-2025-40198, CVE-2025-40204, CVE-2025-40205, CVE-2025-40206, CVE-2025-40207 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
libxslt (EXSLT parser) CVE-2025-11731 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
MySQL Connector/J CVE-2023-22102 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Oracle Java SE CVE-2025-30754, CVE-2025-30761, CVE-2026-21925 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
wcurl CVE-2025-11563 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-40636 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker. 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-26946 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-35157 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution. 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-43992 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data in transit. 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2026-40636 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker. 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-26946 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2026-35157 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution. 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-43992 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data in transit. 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Versions Remediated Versions Link
Elastic Cloud Storage (ECS) Versions 3.8.1.0 through 3.8.1.7 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019
ObjectScale Versions prior to 4.3.0.0 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019

 

Product Affected Versions Remediated Versions Link
Elastic Cloud Storage (ECS) Versions 3.8.1.0 through 3.8.1.7 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019
ObjectScale Versions prior to 4.3.0.0 Version 4.3.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2026-019

 

Note: 

  1. To remediate vulnerabilities, customers running supported affected versions of ECS must upgrade to the latest ObjectScale release 4.3.0.0.
  2. Dell recommends all customers have their ObjectScale systems upgraded at the earliest opportunity by opening an “Operating Environment Upgrade” Service Request.
  3. Please visit the Security Update Release Schedule for Supported Versions of ObjectScale (formerly ECS) for more information.

Workarounds & Mitigations

CVE ID Workaround and Mitigation
CVE-2026-40636 To mitigate this vulnerability, customers on all supported ECS or Objectscale versions, still using default credentials, can apply the password change procedure documented as a 'NOTE' under the ‘Default Node Users’ table in the Dell ObjectScale 4.3.0.0 Security Configuration Guide, without performing an upgrade.

 

Revision History

RevisionDateDescription
1.02026-05-10Initial Release

 

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

ECS, ObjectScale, ECS Appliance, ECS Appliance Hardware Series, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ObjectScale Software with Encryption, ObjectScale Software without Encryption , ObjectScale Software Series ...
Article Properties
Article Number: 000462117
Article Type: Dell Security Advisory
Last Modified: 10 May 2026
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.