What is the CVSS score of CVE-2026-35157?

CVE-2026-35157 has a CVSS 3.1 base score of 5.8 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L. EPSS exploitation probability: 0.1%.

Is there a patch available for CVE-2026-35157?

Yes, a patch is available for CVE-2026-35157. Update the affected software to the latest version immediately.

Dell ECS and ObjectScale CVE-2026-35157

EUVD-2026-29045 MEDIUM

Improper Neutralization of Formula Elements in a CSV File (CWE-1236)

2026-05-11 dell

GHSA-vm5f-653c-mwv3

Information Disclosure Dell

5.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Patch available

May 11, 2026 - 11:01 EUVD

Analysis Generated

May 11, 2026 - 10:32 vuln.today

CVE Published

May 11, 2026 - 09:33 nvd

MEDIUM 5.8

DescriptionNVD

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution.

AnalysisAI

Remote code execution in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale prior to 4.3.0.0 via improper neutralization of formula elements in CSV files processed by the UI. Unauthenticated remote attackers can exploit this vulnerability with user interaction (formula injection attack) to achieve remote execution with limited confidentiality, integrity, and availability impact. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2025-26483 MEDIUM This Month

6.1 May 22

Open redirect vulnerability in Dell PowerFlex Manager 4.6.2 and prior enables unauthenticated remote attackers to craft

CVE-2025-32751 MEDIUM This Month

5.5 May 22

Dell PowerFlex Manager versions 4.6.2 and earlier improperly store sensitive information in a manner accessible to low-p

CVE-2025-32747 MEDIUM This Month

5.3 May 22

Incorrect Privilege Assignment in Dell PowerFlex Manager version 4.6.2 and earlier (both Appliance and Rack form factors

CVE-2025-32749 MEDIUM This Month

5.3 May 22

Directory listing exposure in Dell PowerFlex Manager versions 4.6.2 and earlier allows an attacker to enumerate director

CVE-2025-32745 MEDIUM This Month

4.2 May 22

Improper certificate validation in Dell PowerFlex Manager version 4.6.2 and earlier allows an unauthenticated attacker o

CVE-2026-35157 vulnerability details – vuln.today

Back