Is Dell affected by CVE-2026-28261?

Dell Elastic Cloud Storage and ObjectScale contain a local privilege escalation vulnerability affecting versions 3.8.1.7 and earlier, and ObjectScale versions before 4.1.0.3 (excluding 4.2.0.0), allowing authenticated low-privilege users to extract sensitive credentials from log files and gain…

CVE-2026-28261

Q: How to fix CVE-2026-28261?

Within 24 hours: Inventory all Dell Elastic Cloud Storage and ObjectScale deployments and document current versions. Within 7 days: Restrict local access and administrative privileges to minimum necessary users; enable comprehensive audit logging for privilege escalation attempts; isolate multi-tenant environments where feasible. Within 30 days: Apply vendor patches immediately upon availability-monitor Dell security advisories for patched versions of ECS ≥3.8.1.8 and ObjectScale ≥4.1.0.3 (avoid 4.2.0.0); validate patches in non-production environments before deployment.

EUVD-2026-20468 HIGH

2026-04-08 dell

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Apr 08, 2026 - 13:16 euvd

EUVD-2026-20468

Analysis Generated

Apr 08, 2026 - 13:16 vuln.today

CVE Published

Apr 08, 2026 - 12:43 nvd

HIGH 7.8

Description

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account.

Analysis

Local privilege escalation in Dell Elastic Cloud Storage (≤3.8.1.7) and ObjectScale (<4.1.0.3, =4.2.0.0) allows authenticated users with low privileges to extract credentials from log files and escalate to compromised account privileges. CVSS 7.8 (High). …

Remediation

Within 24 hours: Inventory all Dell Elastic Cloud Storage and ObjectScale deployments and document current versions. Within 7 days: Restrict local access and administrative privileges to minimum necessary users; enable comprehensive audit logging for privilege escalation attempts; isolate multi-tenant environments where feasible. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +39

POC: 0

CVE-2026-28261 vulnerability details – vuln.today

Back

CVE-2026-28261

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-28261

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code