{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22271", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-01-07T06:43:46.537Z", "datePublished": "2026-01-23T08:54:16.081Z", "dateUpdated": "2026-02-26T14:44:24.284Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ObjectScale", "vendor": "Dell", "versions": [{"lessThan": "4.2.0.0", "status": "affected", "version": "N/A", "versionType": "semver"}]}], "datePublic": "2026-01-19T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "&nbsp; Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure.<br>"}], "value": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319: Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-01-23T08:54:16.081Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000415880/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22271", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-24T04:55:18.304905Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:44:24.284Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22271", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-24T04:55:18.304905Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T15:17:11.715Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "ObjectScale", "versions": [{"status": "affected", "version": "N/A", "lessThan": "4.2.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-01-19T18:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000415880/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure.", "supportingMedia": [{"type": "text/html", "value": "&nbsp; Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319: Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-01-23T08:54:16.081Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22271", "state": "PUBLISHED", "dateUpdated": "2026-02-26T14:44:24.284Z", "dateReserved": "2026-01-07T06:43:46.537Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-01-23T08:54:16.081Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FFE0BD5-DC60-46D3-9A26-6E82DBB982EC", "versionEndExcluding": "4.2.0.0", "versionStartIncluding": "3.8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:objectscale:*:*:*:*:*:*:*:*", "matchCriteriaId": "25F884EC-C7A1-4734-8C17-08BFF2046175", "versionEndExcluding": "4.2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure."}], "id": "CVE-2026-22271", "lastModified": "2026-02-18T13:55:05.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-01-23T09:15:48.030", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory", "Mitigation"], "url": "https://www.dell.com/support/kbdoc/en-us/000415880/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T03:12:09.406240+00:00", "value": {"mitigation_remediation": ["Apply the Dell ECS and ObjectScale security update (DSA\u20112026\u2011047) as published by Dell to fix the cleartext transmission flaw.", "Verify that all ECS and ObjectScale services are configured to use TLS/SSL and that no cleartext channels are available for sensitive data.", "Ensure network access to ECS/ObjectScale is restricted to authorized hosts, and monitor for any unauthorized remote connections."], "summary": {"action": "Patch Immediately", "impact": "Sensitive Information Exposure"}, "threat_synthesis": {"affected_systems": "Dell ECS releases 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions earlier than 4.2.0.0 are impacted. Administrators should verify the product and version to determine if their environment is affected.", "description_and_impact": "This vulnerability allows an attacker to transmit sensitive data in cleartext, enabling exposure of confidential information. The flaw exists due to improper encryption handling, allowing cleartext transmission that could be intercepted or accessed by an unauthenticated remote user. The weakness is classified as CWE\u2011319.", "risk_and_exploitability": "The CVSS score of 7.5 reflects a high impact of confidentiality loss. The EPSS score of less than 1% suggests a low probability of exploitation at the time of analysis, and the vulnerability is not listed in the CISA KEV catalog. The attack requires remote unauthenticated access, making it relatively easy to attempt but still limited to information disclosure rather than code execution."}}}}, "created": "2026-01-26T11:54:48.901535+00:00", "title": "Cleartext Transmission of Sensitive Information in Dell ECS and ObjectScale", "updated": "2026-04-18T03:15:35.433845+00:00", "vendors": ["dell", "dell$PRODUCT$ecs_streamer", "dell$PRODUCT$objectscale"]}