External risk intelligence

Dell ECS and ObjectScale could allow an external attacker to take control of systems

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2026-35157

An external attacker can exploit a flaw in Dell ECS and ObjectScale by injecting malicious strings into data that the application includes in reports. If a user opens these generated files, the attacker could gain unauthorized command execution, potentially compromising stored data and credentials.

2Halo Surface Signal

Dell Elastic Cloud Storage

3.8.1.0 to before 4.3.0.0before 4.3.0.0

External exposure likelihood

Halo Surface Signal score for CVE-2026-35157

Dell ECS and ObjectScale are enterprise storage management systems. Their web-based management interfaces are typically deployed within restricted internal networks, private data centers, or behind VPNs, rather than being directly exposed to the public internet as a standard deployment pattern.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability in Dell ECS and ObjectScale could allow an attacker to execute code remotely. The issue stems from how the system processes certain data inputs, making it a critical concern for affected systems.

  • Allows remote code execution.
  • Affects critical data storage systems.
  • Could impact data integrity and availability.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker with remote access could exploit this vulnerability by crafting malicious input within a CSV file processed by the UI. This could lead to the execution of arbitrary code on the targeted Dell ECS or ObjectScale systems. The attacker would not need any prior credentials or access to the system.

  • Remote, unauthenticated access required.
  • Vulnerable UI CSV processing.
  • Malicious input triggers execution.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability in Dell ECS and ObjectScale allows unauthenticated remote attackers to execute code, a severe outcome. However, these are enterprise storage systems, typically not directly exposed to the internet, reducing immediate widespread exploitation. Attackers may target specific organizations if they identify an unpatched, externally accessible instance.

  • Exploitation requires direct network access.
  • No public exploits are currently observed.
  • No KEV listing is present.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Focus on identifying and isolating Dell ECS and ObjectScale instances that are accessible externally, as this vulnerability has a CVSS score of 9.8 and allows for remote code execution. Teams should prioritize locating affected systems and assessing their exposure, especially if they are directly reachable from the internet.

  • Block external access to affected systems.
  • Monitor for unusual network activity.
  • Apply Dell security updates when available.

Frequently asked questions

What is Dell Elastic Cloud Storage (ECS)?

Dell ECS is an enterprise storage management system designed for data storage and management. It is used for storing and accessing large volumes of data, often in cloud environments.

What is the weakness in CVE-2026-35157?

CVE-2026-35157 is a "CWE-1236: Improper Neutralization of Formula Elements in a CSV File" vulnerability. This means the software doesn't properly handle special characters within CSV files, potentially allowing malicious code to be interpreted and executed.

How could an attacker exploit this Dell vulnerability?

An unauthenticated attacker with remote access could exploit this by sending specially crafted input through the user interface that processes CSV files. If the system does not properly neutralize formula elements in this input, it could lead to unintended code execution. The vulnerability is not triggered if the CSV file is not processed by the UI.

Who should care about CVE-2026-35157?

Organizations running Dell ECS or ObjectScale should care. While these systems are typically internal, if an instance is unexpectedly exposed to the internet, it presents an external attack surface.

What is the first step for running Dell ECS or ObjectScale?

The first step is to identify if your Dell ECS or ObjectScale systems are accessible from the internet. If they are, immediate action should be taken to restrict external access and plan for applying security updates from Dell.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified