Dell has released a high-priority security update addressing multiple vulnerabilities within its Elastic Cloud Storage (ECS) and ObjectScale platforms. The advisory highlights a series of flaws that could allow malicious actors to compromise systems, gain unauthorized data access, or elevate their privileges.
The most severe flaw addressed in this update is a Critical vulnerability carrying a CVSS score of 9.8. This vulnerability, tracked as CVE-2026-40636, involves the use of hard-coded credentials. An unauthenticated attacker with local access could exploit this flaw to gain direct access to the filesystem.
While an upgrade is recommended, Dell notes that customers still using default credentials can mitigate this risk by following the password change procedure outlined in the Dell ObjectScale 4.3.0.0 Security Configuration Guide.
Beyond the critical credential flaw, three other notable vulnerabilities were patched in this cycle:
| CVE ID | Severity | Impact | Attack Vector |
| --- | --- | --- | --- |
| CVE-2026-26946 | 6.7 (Medium) | Privilege Elevation: A high-privileged local attacker could gain further OS-level control. | Local |
| CVE-2026-35157 | 5.8 (Medium) | Remote Execution: Improper neutralization of formula elements in CSV files within the UI. | Remote |
| CVE-2025-43992 | 5.6 (Medium) | Data Interception: An authentication bypass in Geo-replication could lead to unauthorized access to data in transit. | Remote |
The following versions are confirmed to be at risk:
- Dell ECS: Versions 3.8.1.0 through 3.8.1.7.
- Dell ObjectScale: All versions prior to 4.3.0.0.
Dell strongly recommends that all customers upgrade their systems at the earliest opportunity. Customers must transition to ObjectScale release 4.3.0.0 or later to fully remediate these flaws.
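To triage an asset inventory against the affected ranges listed above, the following added example (not part of Dell's advisory) classifies product/version pairs. The hostnames, the inventory rows, the product labels and the zero-padding of short version strings are assumptions of this example.

```python
import re

# Ranges copied from the affected-versions list above.
ECS_AFFECTED = ((3, 8, 1, 0), (3, 8, 1, 7))  # inclusive range
OBJECTSCALE_FIXED = (4, 3, 0, 0)             # first remediated release

def parse_version(text):
    """Turn '3.8.1.4' into (3, 8, 1, 4). Short versions are zero-padded (assumption)."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def triage(product, version):
    """Return 'affected', 'remediated', 'not-listed' or 'unparseable'."""
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"  # build suffixes etc. need a manual look
    name = product.strip().lower()
    if name == "objectscale":
        return "affected" if v < OBJECTSCALE_FIXED else "remediated"
    if name == "ecs":
        low, high = ECS_AFFECTED
        # The page only confirms this range; anything else is not stated either way.
        return "affected" if low <= v <= high else "not-listed"
    return "not-listed"

def triage_inventory(rows):
    """rows: iterable of (host, product, version) tuples."""
    return [(h, p, v, triage(p, v)) for h, p, v in rows]

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    ("ecs-lab-01", "ECS", "3.8.1.4"),
    ("ecs-lab-02", "ECS", "3.8.0.9"),
    ("os-prod-01", "ObjectScale", "4.2.1.0"),
    ("os-prod-02", "ObjectScale", "4.3.0.0"),
    ("os-dev-01", "ObjectScale", "4.1.0.0-b77"),
]

if __name__ == "__main__":
    for host, product, version, status in triage_inventory(INVENTORY):
        print(f"{host:12} {product:12} {version:14} {status}")
```

Rows reported as `unparseable` or `not-listed` should be checked by hand against the vendor advisory rather than assumed safe.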