Zero Day MonitorZDM

← Back to list

4.4

CVE-2026-22275PATCHED

dell · elastic_cloud_storage

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with

Description

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

Affected Products

Vendor	Product	Versions
dell	elastic_cloud_storage	< 4.2.0.0, < 4.2.0.0

References

https://www.dell.com/support/kbdoc/en-us/000415880/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities(Vendor Advisory)

CVSS 3.14.4 MEDIUM

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available4.2.0.0

CWECWE-540

PublishedJan 23, 2026

Last enriched4d ago

Trending Score0

Source articles0

Independent0

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

Multiple Third-Party Component Vulnerabilities in Dell Products

MEDIUMCVE-2026-22764

Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability

HIGHCVE-2025-36589

Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially explo

MEDIUMCVE-2026-24510

Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vu

MEDIUMCVE-2026-22274

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenti

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Jan 23, 2026

Patch Available

Feb 18, 2026

Discovered by ZDM

Mar 26, 2026