Zero Day MonitorZDM

← Back to list

9.8

CVE-2026-40636EXPLOITEDPATCHED

dell · ecs

CVE-2026-40636: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded c

Description

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker.

Affected Products

Vendor	Product	Versions
dell	ecs	0, 0

References

https://www.dell.com/support/kbdoc/en-us/000462117/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities-1(vendor-advisory)

Related News (1 articles)

Tier C

VulDB11h ago

CVE-2026-40636 | Dell ECS/ObjectScale hard-coded credentials (dsa-2026-047)

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

4.3.0.0 or later

CWECWE-798

PublishedMay 11, 2026

Last enriched10h agov2

Trending Score62

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-32658

CVE-2026-32658: Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged att

MEDIUMCVE-2026-26946

CVE-2026-26946: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege

MEDIUMCVE-2025-43992

CVE-2025-43992: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication byp

MEDIUMCVE-2026-35157

CVE-2026-35157: Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutraliz

Multiple Vulnerabilities in Dell PowerScale, Elastic Cloud Storage, and ObjectScale

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 11, 2026

Discovered by ZDM

May 11, 2026

Updated: description, activelyExploited

May 11, 2026

Actively Exploited

May 11, 2026

Patch Available

May 11, 2026

Version History

v2

Last enriched 10h ago

v2Tier C10h ago

Updated description with more technical detail, marked exploit as not available, and noted that the vulnerability is actively exploited.

descriptionactivelyExploited

via VulDB

v112h ago

Initial creation