CRITICALCVE-2026-40636Published 2026-05-11Modified 2026-05-12CNA dell

CVE-2026-40636: Dell ECS versions 3

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker.

CVSS v3.1: 9.8
Severity: CRITICAL
Fixed in: 4.3.0.0 or later
Affected Products: 2

Fix available

4.3.0.0 or later

Affected packages

Dell / ECS
< 4.3.0.0 or later (from 0)
Dell / ObjectScale
< 4.3.0.0 or later (from 0)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

dell.com

Metrics

Fix available