cbcvebase.

Dell Objectscale vulnerabilities

14 known vulnerabilities affecting dell/objectscale.

Total CVEs
14
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4MEDIUM9

Vulnerabilities

Page 1 of 1
CVE-2026-35157P2CRITICALCVSS 9.8fixed in 4.3.0.0fixed in 4.3.0.0 or later2026-05-11
CVE-2026-35157 [CRITICAL] CWE-1236 CVE-2026-35157: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution.
nvd
CVE-2026-22273P2HIGHCVSS 8.8fixed in 4.2.0.0≥ N/A, < 4.2.0.02026-01-23
CVE-2026-22273 [HIGH] CWE-1392 CVE-2026-22273: Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
nvd
CVE-2025-26477P3HIGHCVSS 8.8fixed in 4.0.0.02025-04-17
CVE-2025-26477 [HIGH] CWE-20 CVE-2025-26477: Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privile Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
nvd
CVE-2026-40636P3HIGHCVSS 7.8fixed in 4.3.0.0fixed in 4.3.0.0 or later2026-05-11
CVE-2026-40636 [HIGH] CWE-798 CVE-2026-40636: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker.
nvd
CVE-2026-22271P3HIGHCVSS 7.5fixed in 4.2.0.0≥ N/A, < 4.2.0.02026-01-23
CVE-2026-22271 [HIGH] CWE-319 CVE-2026-22271: Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure.
nvd
CVE-2025-43992P3MEDIUMCVSS 5.6fixed in 4.3.0.0fixed in 4.3.0.0 or later2026-05-11
CVE-2025-43992 [MEDIUM] CWE-302 CVE-2025-43992: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data in transit.
nvd
CVE-2026-22274P3MEDIUMCVSS 6.5fixed in 4.2.0.0≥ N/A, < 4.2.0.02026-01-23
CVE-2026-22274 [MEDIUM] CWE-319 CVE-2026-22274: Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and modify information in transit.
nvd
CVE-2026-26946P4MEDIUMCVSS 6.7fixed in 4.3.0.0fixed in 4.3.0.0 or later2026-05-11
CVE-2026-26946 [MEDIUM] CWE-269 CVE-2026-26946: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
nvd
CVE-2025-26478P4MEDIUMCVSS 6.5fixed in 4.0.0.02025-04-17
CVE-2025-26478 [MEDIUM] CWE-295 CVE-2025-26478: Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unau Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.
nvd
CVE-2025-26476P4MEDIUMCVSS 5.5v4.0.0.0≥ 4.0.0.0, < 4.0.0.0 or later2025-08-04
CVE-2025-26476 [MEDIUM] CWE-321 CVE-2025-26476: Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptog Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
nvd
CVE-2026-28261P4MEDIUMCVSS 5.5fixed in 4.1.0.3v4.2.0.0+1 more2026-04-08
CVE-2026-28261 [MEDIUM] CWE-532 CVE-2026-28261: Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0 Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use t
nvd
CVE-2026-22276P4MEDIUMCVSS 5.5fixed in 4.2.0.0≥ N/A, < 4.2.0.02026-01-23
CVE-2026-22276 [MEDIUM] CWE-312 CVE-2026-22276: Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
nvd
CVE-2025-30483P4MEDIUMCVSS 5.5fixed in 4.0.0.1≥ 4.0.0.0, < 4.0.0.12025-07-15
CVE-2025-30483 [MEDIUM] CWE-532 CVE-2025-30483: Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contains an Insertion of Sensitive I Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
nvd
CVE-2026-22275P4MEDIUMCVSS 4.4fixed in 4.2.0.0≥ N/A, < 4.2.0.02026-01-23
CVE-2026-22275 [MEDIUM] CWE-540 CVE-2026-22275: Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
nvd
Dell Objectscale vulnerabilities | cvebase