Hard-Coded Credentials Vulnerability in Dell ECS and ObjectScale Products
CVE-2026-40636

9.8CRITICAL

Key Information:

Vendor: Dell
Status: Ecs; Objectscale
Vendor: CVE Published:; 11 May 2026

What is CVE-2026-40636?

Dell ECS and Dell ObjectScale products have a vulnerability that stems from the use of hard-coded credentials. This issue affects versions 3.8.1.0 through 3.8.1.7 of Dell ECS and any version of Dell ObjectScale prior to 4.3.0.0. An unauthenticated attacker with local access could potentially exploit this flaw, granting them filesystem access. This situation poses a significant security risk, allowing unauthorized manipulation and exposure of sensitive information.

Affected Version(s)

ECS 0 < 4.3.0.0 or later

ObjectScale 0 < 4.3.0.0 or later

References

https://www.dell.com/support/kbdoc/en-us/000462117/dsa-20...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2026
Vulnerability Reserved
Apr 14, 2026

CVE-2026-40636 Data

JSON