Skip to main content

Dell EUVD-2026-20468

| CVE-2026-28261 HIGH
Insertion of Sensitive Information into Log File (CWE-532)
2026-04-08 dell
Information Disclosure Dell Elastic
7.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:02 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
4.1.0.3,4.2.0.1
EUVD ID Assigned
Apr 08, 2026 - 13:16 euvd
EUVD-2026-20468
Analysis Generated
Apr 08, 2026 - 13:16 vuln.today
CVE Published
Apr 08, 2026 - 12:43 nvd
HIGH 7.8

DescriptionNVD

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account.

AnalysisAI

Local privilege escalation in Dell Elastic Cloud Storage (≤3.8.1.7) and ObjectScale (<4.1.0.3, =4.2.0.0) allows authenticated users with low privileges to extract credentials from log files and escalate to compromised account privileges. CVSS 7.8 (High). …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify all systems running Dell Elastic Cloud Storage ≤3.8.1.7 or ObjectScale <4.1.0.3 and =4.2.0.0 in your environment. Within 7 days: Apply vendor patches (Elastic Cloud Storage 3.8.1.8 or later; ObjectScale 4.1.0.3 or 4.2.0.1 or later). …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-42398 HIGH
7.7 May 28

Server-side request forgery in Elastic Kibana allows authenticated users holding connector management privileges to bypa
CVE-2026-33464 MEDIUM
6.5 May 28

Denial of service in Kibana allows any authenticated low-privileged user to render the Kibana service unresponsive for a
CVE-2026-42399 MEDIUM
6.5 May 28

Denial of service in Elastic Kibana allows an authenticated low-privileged user to crash the Kibana service and deny acc
CVE-2026-42400 MEDIUM
6.5 May 28

Denial of service in Kibana allows any authenticated user to crash or render unresponsive a Kibana instance by sending a
CVE-2026-49094 MEDIUM
6.5 May 28

Denial of service in Kibana's analytics collections management endpoint allows any authenticated user with viewer-level

Share

EUVD-2026-20468 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy