Primary

Context

Dell ECS and ObjectScale Inclusion of Sensitive Information in Source Code Vulnerability

Vulnerability

Patched

A vulnerability allowing the inclusion of sensitive information in source code has been identified in Dell ECS versions 3.8.1.0 through 3.8.1.7, and in Dell ObjectScale versions prior to 4.2.0.0. This vulnerability could be exploited by a low-privileged attacker with local access, potentially leading to unauthorized information exposure.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive information.

Remediation

Users are advised to upgrade to Dell ECS version 4.2.0.0 or later, or to Dell ObjectScale version 4.2.0.0 or later. For ECS, open a Service Request for an Operating Environment Upgrade and quote DSA-2026-047. For ObjectScale, the same procedure applies.

Added: Jan 23, 2026, 10:18 AM

Updated: Jan 23, 2026, 10:18 AM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

2.5

exploitability

3.8

remediation

7.7

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

2.5

exploitability

3.8

remediation

7.7

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Dell ECS and ObjectScale Inclusion of Sensitive Information in Source Code Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Dell Elastic Cloud Storage

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating