Platform
dell
Component
dell-elastic-cloud-storage
Fixed in
4.1.0.3
4.2.0.1
CVE-2026-28261 describes an Insertion of Sensitive Information into Log File vulnerability affecting Dell Elastic Cloud Storage and Dell ObjectScale. A low-privileged attacker with local access can potentially exploit this flaw to expose secrets stored within log files, potentially leading to unauthorized access. This vulnerability impacts versions of Dell Elastic Cloud Storage from 0.0.0 through 4.2.0.1 and Dell ObjectScale versions prior to 4.1.0.3 and version 4.2.0.0. A patch is available for Dell Elastic Cloud Storage 4.2.0.1 and later.
CVE-2026-28261 in Dell Elastic Cloud Storage and Dell ObjectScale allows a local attacker to insert sensitive information into log files. This could result in the exposure of secrets, such as passwords or access keys, which could be used to access the system with the compromised account’s privileges. The CVSS score of 7.8 indicates a moderately high risk. Affected versions include Elastic Cloud Storage 3.8.1.7 and prior, and ObjectScale versions prior to 4.1.0.3 and version 4.2.0.0. Successful exploitation of this vulnerability could compromise the confidentiality and integrity of data stored on the system.
An attacker with local access to the system, even with limited privileges, can exploit this vulnerability. This could be a malicious insider or an attacker who has gained physical access to the device. The attacker could inject malicious commands or data that would be logged into the log files, thereby exposing sensitive information. The root cause of this vulnerability is a lack of proper input validation before writing data to log files. Exploitation does not require an external network connection, making it particularly dangerous in environments where local access is not properly controlled.
Exploit status
EPSS
0.01% (2nd percentile)
CISA SSVC
CVSS vector
To mitigate the risk associated with CVE-2026-28261, Dell recommends upgrading Elastic Cloud Storage to version 4.2.0.1 or later, or ObjectScale to version 4.1.0.3 or later. These updates include fixes that prevent the insertion of sensitive information into log files. Additionally, review and strengthen local access policies to the system to limit the risk of unauthorized access. Monitoring log files for suspicious activity can also help detect and respond to potential attacks. Timely application of these measures is crucial to protect data and infrastructure for Dell Elastic Cloud Storage and ObjectScale.
Apply the security update DSA-2026-143 provided by Dell for Dell Elastic Cloud Storage to version 4.1.0.3 or later, or for Dell ObjectScale to version 4.2.0.1 or later. This update fixes the vulnerability that inserts sensitive information into log files.
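As an added example (not Dell's code or tooling), the Python sketch below audits a log file for the two conditions this CVE combines: clear-text secrets in log lines and read access for users other than the file owner. The key names in the pattern and the sample log lines are constructed assumptions; the page does not give the product's log format or paths.

```python
import os
import re
import stat
import tempfile

# Assumed key names for secrets; the page names only "passwords or access keys".
SECRET_RE = re.compile(
    r"(?i)\b(password|passwd|secret[_-]?key|access[_-]?key|token)\b(\s*[=:]\s*)(\"[^\"]*\"|'[^']*'|[^\s,;]+)"
)

def find_secrets(line):
    """Return the key names whose values appear in clear text on this line."""
    return [m.group(1).lower() for m in SECRET_RE.finditer(line)]

def redact(line):
    """Replace each matched value with a fixed marker, keeping key and separator."""
    return SECRET_RE.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", line)

def audit_log(path):
    """Report which non-owner classes can read the file and which lines hold secrets."""
    mode = os.stat(path).st_mode
    readable_by = [name for bit, name in ((stat.S_IRGRP, "group"), (stat.S_IROTH, "other")) if mode & bit]
    hits = []
    with open(path, "r", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            keys = find_secrets(line)
            if keys:
                # Store only the redacted form so the report does not repeat the leak.
                hits.append((lineno, keys, redact(line.rstrip("\n"))))
    return {"path": path, "readable_by": readable_by, "hits": hits}

def demo():
    """Run the audit over a constructed log file (not real product output)."""
    sample = (
        "2026-01-01T00:00:00Z INFO service started\n"
        "2026-01-01T00:00:01Z DEBUG login user=svc password=Hunter2!\n"
        '2026-01-01T00:00:02Z DEBUG s3 client access_key: "AKEXAMPLE123", region=lab\n'
    )
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "constructed.log")
        with open(path, "w") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)  # readable by group and other: what a local user needs
        return audit_log(path)

if __name__ == "__main__":
    report = demo()
    print("readable by:", report["readable_by"])
    for lineno, keys, safe in report["hits"]:
        print(lineno, keys, safe)
```

A file that reports both a non-empty `readable_by` list and hits is the combination to prioritise: tighten its permissions and rotate the credentials named in the hits.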
Elastic Cloud Storage 3.8.1.7 and prior, and ObjectScale versions prior to 4.1.0.3 and version 4.2.0.0.
Check the version of your Elastic Cloud Storage or ObjectScale. If it is prior to the recommended versions for mitigation, it is vulnerable.
Passwords, access keys, and other sensitive information that is logged in the system’s log files.
Restricting local access to the system and monitoring log files for suspicious activity can help mitigate the risk.
Consult the release notes for Dell Elastic Cloud Storage and ObjectScale, or contact Dell technical support.