{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22273", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-01-07T06:43:46.537Z", "datePublished": "2026-01-23T09:14:38.455Z", "dateUpdated": "2026-02-26T14:44:23.966Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ObjectScale", "vendor": "Dell", "versions": [{"lessThan": "4.2.0.0", "status": "affected", "version": "N/A", "versionType": "semver"}]}], "datePublic": "2026-01-19T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.<br>"}], "value": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1392", "description": "CWE-1392: Use of Default Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-01-23T09:14:38.455Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000415880/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22273", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-24T04:55:39.680529Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:44:23.966Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22273", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-24T04:55:39.680529Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T15:16:40.212Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "ObjectScale", "versions": [{"status": "affected", "version": "N/A", "lessThan": "4.2.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-01-19T18:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000415880/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.", "supportingMedia": [{"type": "text/html", "value": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1392", "description": "CWE-1392: Use of Default Credentials"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-01-23T09:14:38.455Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22273", "state": "PUBLISHED", "dateUpdated": "2026-02-26T14:44:23.966Z", "dateReserved": "2026-01-07T06:43:46.537Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-01-23T09:14:38.455Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FFE0BD5-DC60-46D3-9A26-6E82DBB982EC", "versionEndExcluding": "4.2.0.0", "versionStartIncluding": "3.8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:objectscale:*:*:*:*:*:*:*:*", "matchCriteriaId": "25F884EC-C7A1-4734-8C17-08BFF2046175", "versionEndExcluding": "4.2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges."}], "id": "CVE-2026-22273", "lastModified": "2026-02-18T13:55:12.593", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-01-23T10:15:53.317", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory", "Mitigation"], "url": "https://www.dell.com/support/kbdoc/en-us/000415880/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1392"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T03:11:51.221746+00:00", "value": {"mitigation_remediation": ["Apply the Dell ECS and ObjectScale security update (Dell Security Advisory 2026\u2011047) to all affected versions (ECS 3.8.1.0\u20133.8.1.7, ObjectScale <4.2.0.0).", "Immediately disable or change all default credentials on every node, ensuring unique, strong passwords and proper access controls are enforced.", "Configure centralized monitoring to detect attempts to use default credentials and review logs for anomalous remote authentication activity."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Affected products are Dell Elastic Cloud Storage version 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.2.0.0. These versions run on Dell's integrated storage platform, exposing the default credential risk across all nodes within those deployments.", "description_and_impact": "The vulnerability originates from use of default credentials within the operating system of Dell ECS and ObjectScale. Because default credentials are left unchanged, an attacker who already has low\u2011privileged remote access can trigger an elevation of privileges, potentially gaining higher administrative rights without needing to bypass authentication. This can compromise confidentiality, integrity, and availability of the data stored within the impacted ObjectScale services.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high impact severity, while the EPSS score of less than 1% suggests a low current probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack vector is likely remote, although the exact network requirements are not stated, so the inference is that the attacker must be able to reach the target via the network and possess at least low\u2011privileged credentials. Once the attacker authenticates using default credentials, privilege escalation may ensue. Documentation does not indicate additional prerequisites, so successful exploitation should result from the presence of unchanged default passwords."}}}}, "created": "2026-01-23T16:27:33.567976+00:00", "updated": "2026-04-18T03:15:35.431505+00:00", "vendors": ["dell", "dell$PRODUCT$objectscale"]}