Zero Day MonitorZDM

← Back to list

5.8

CVE-2026-35157PATCHED

dell · ecs

CVE-2026-35157: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutraliz

Description

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution.

Affected Products

Vendor	Product	Versions
dell	ecs	0, 0

References

https://www.dell.com/support/kbdoc/en-us/000462117/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities-1(vendor-advisory)

Related News (1 articles)

Tier C

VulDB11h ago

CVE-2026-35157 | Dell ECS/ObjectScale csv injection (dsa-2026-047)

→ No new info (linked only)

CVSS 3.15.8 MEDIUM

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

CISA KEV❌ No

Actively exploited❌ No

Patch available

4.3.0.0 or later

CWECWE-1236

PublishedMay 11, 2026

Trending Score22

Source articles1

Independent1

Info Completeness0/14

Missing: cve_id, title, description, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-40636EXP

CVE-2026-40636: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded c

HIGHCVE-2026-32658

CVE-2026-32658: Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged att

MEDIUMCVE-2026-26946

CVE-2026-26946: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege

MEDIUMCVE-2025-43992

CVE-2025-43992: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication byp

Multiple Vulnerabilities in Dell PowerScale, Elastic Cloud Storage, and ObjectScale

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 11, 2026

Patch Available

May 11, 2026

Discovered by ZDM

May 11, 2026