Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
CVE-2026-35157: Dell ECS and ObjectScale UI Formula Vulnerability
CVE-2026-35157
Summary
Dell ECS and ObjectScale software have a security flaw in their user interface that could allow an attacker to run unauthorized code remotely. This could potentially lead to unauthorized access or data theft. Dell recommends updating to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| dell | elastic_cloud_storage |
>= 3.8.1.0, < 4.3.0.0 cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:* |
| dell | objectscale |
< 4.3.0.0 cpe:2.3:a:dell:objectscale:*:*:*:*:*:*:*:* |
Original title
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthent...
Original description
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution.
nvd CVSS3.1
5.8
Vulnerability type
CWE-1236
Published: 11 May 2026 · Updated: 28 May 2026 · First seen: 11 May 2026