Platform
dell
Component
dell-elastic-cloud-storage
Fixed in
4.1.0.3
4.2.0.1
CVE-2026-28261 describes an Insertion of Sensitive Information into Log File vulnerability affecting Dell Elastic Cloud Storage and Dell ObjectScale. A low-privileged attacker with local access can exploit this flaw, potentially leading to the exposure of sensitive secrets. This vulnerability impacts versions 3.8.1.7 and prior of Elastic Cloud Storage, and versions prior to 4.1.0.3 and 4.2.0.0 of ObjectScale. The issue is resolved in versions 4.2.0.1 and later.
Successful exploitation of CVE-2026-28261 allows an attacker with local access to read sensitive information, such as credentials or API keys, that has been written to log files. The exposed secrets can be leveraged to gain unauthorized access to the vulnerable system, effectively elevating privileges to those of the compromised account. The blast radius is limited to the system where the logs are accessible, but the potential for lateral movement within the network depends on the privileges of the compromised account and the network configuration. This vulnerability highlights the importance of secure logging practices and restricting access to sensitive system resources.
CVE-2026-28261 was published on 2026-04-08. Severity is rated as High (CVSS 7.8). No public exploits or active campaigns have been reported at the time of this writing. The vulnerability is not currently listed on KEV or EPSS, indicating a low to medium probability of exploitation. Monitor security advisories from Dell for updates and further guidance.
Exploit status
EPSS
0.01% (2nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-28261 is to upgrade Dell Elastic Cloud Storage and Dell ObjectScale to version 4.2.0.1 or later. If an immediate upgrade is not feasible, consider implementing stricter access controls to log files, limiting access to only authorized personnel and systems. Review existing logging configurations to ensure sensitive information is not being inadvertently logged. Implement intrusion detection systems (IDS) to monitor for suspicious activity related to log file access. After upgrading, confirm the fix by verifying that sensitive information is no longer being inserted into log files during normal operation.
Apply the DSA-2026-143 security update provided by Dell to bring Dell Elastic Cloud Storage to version 4.1.0.3 or later, or Dell ObjectScale to version 4.2.0.1 or later. This update fixes the vulnerability involving the insertion of sensitive information into log files.
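A small audit for the access-control and verification steps above, added here as an example and not taken from Dell or DSA-2026-143: it flags log files readable beyond their owner and reports secret-like fields with the values redacted. The field names, regular expressions and sample lines are assumptions, not the product's actual log format.

```python
import os
import re
import stat
import tempfile

# Assumed patterns for secret-bearing log fields; not Dell's documented log format.
SECRET_RE = re.compile(
    r"(?i)\b(password|passwd|secret[_-]?key|access[_-]?key|api[_-]?key|token)\b"
    r"(\s*[=:]\s*)(\"[^\"]+\"|'[^']+'|[^\s,;&]+)"
)
AUTH_RE = re.compile(r"(?i)\b(authorization:\s*(?:basic|bearer)\s+)(\S+)")


def redact(line):
    """Return (redacted_line, hit_count) so a finding never re-exposes the secret."""
    line, n1 = SECRET_RE.subn(lambda m: m.group(1) + m.group(2) + "<redacted>", line)
    line, n2 = AUTH_RE.subn(lambda m: m.group(1) + "<redacted>", line)
    return line, n1 + n2


def audit_log(path):
    """Check a log's permission bits and list the lines that carry secret-like fields."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    with open(path, "r", errors="replace") as fh:
        for lineno, raw in enumerate(fh, 1):
            clean, hits = redact(raw.rstrip("\n"))
            if hits:
                findings.append((lineno, clean))
    return {
        "mode": oct(mode),
        "group_or_world_readable": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed sample log lines, not real product output.
    sample = (
        "2026-04-08 10:00:01 INFO user=svc login ok\n"
        "2026-04-08 10:00:02 DEBUG connect secret_key=EXAMPLEONLY123 host=node1\n"
        "2026-04-08 10:00:03 DEBUG hdr Authorization: Bearer EXAMPLETOKEN\n"
    )
    with tempfile.NamedTemporaryFile("w", suffix=".log", delete=False) as tmp:
        tmp.write(sample)
    os.chmod(tmp.name, 0o644)
    print(audit_log(tmp.name))
    os.unlink(tmp.name)
```

Run it before and after the upgrade against the same log directories: an empty `findings` list on freshly written logs is the confirmation, and older rotated logs that still contain secrets need to be purged and the exposed credentials rotated.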
Elastic Cloud Storage 3.8.1.7 and prior, and ObjectScale versions prior to 4.1.0.3 and version 4.2.0.0.
Check the version of your Elastic Cloud Storage or ObjectScale. If it is prior to the recommended versions for mitigation, it is vulnerable.
Passwords, access keys, and other sensitive information that is logged in the system’s log files.
Restricting local access to the system and monitoring log files for suspicious activity can help mitigate the risk.
Consult the release notes for Dell Elastic Cloud Storage and ObjectScale, or contact Dell technical support.