Zero Day MonitorZDM

← Back to list

6.7

CVE-2026-26946PATCHED

dell · ecs

CVE-2026-26946: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege

Description

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

Affected Products

Vendor	Product	Versions
dell	ecs	0, 0

References

https://www.dell.com/support/kbdoc/en-us/000462117/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities-1(vendor-advisory)

Related News (1 articles)

Tier C

VulDB11h ago

CVE-2026-26946 | Dell ECS/ObjectScale privileges management (dsa-2026-047)

→ No new info (linked only)

CVSS 3.16.7 MEDIUM

VectorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

4.3.0.0 or later

CWECWE-269

PublishedMay 11, 2026

Last enriched10h agov2

Trending Score27

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-40636EXP

CVE-2026-40636: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded c

HIGHCVE-2026-32658

CVE-2026-32658: Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged att

MEDIUMCVE-2025-43992

CVE-2025-43992: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication byp

MEDIUMCVE-2026-35157

CVE-2026-35157: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutraliz

Multiple Vulnerabilities in Dell PowerScale, Elastic Cloud Storage, and ObjectScale

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 11, 2026

Discovered by ZDM

May 11, 2026

Updated: severity

May 11, 2026

Patch Available

May 11, 2026

Version History

v2

Last enriched 10h ago

v2Tier C10h ago

Updated severity to CRITICAL and corrected exploit availability to false.

severity

via VulDB

v112h ago

Initial creation