{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28261", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-02-25T18:04:25.462Z", "datePublished": "2026-04-08T12:43:54.291Z", "dateUpdated": "2026-04-08T13:55:42.284Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-08T12:43:54.291Z"}, "datePublic": "2026-04-05T18:30:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File", "type": "CWE"}]}], "affected": [{"vendor": "Dell", "product": "Elastic Cloud Storage", "versions": [{"status": "affected", "version": "0", "lessThan": "4.2.0.1 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "ObjectScale", "versions": [{"status": "affected", "version": "0", "lessThan": "4.1.0.3", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "4.2.0.1 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale,\u00a0versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account."}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000449325/dsa-2026-143-security-update-for-dell-objectscale-prior-to-4-1-0-3-and-4-2-0-0-insertion-of-sensitive-information-into-log-file-vulnerability", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T13:55:34.659222Z", "id": "CVE-2026-28261", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T13:55:42.284Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28261", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-08T13:55:34.659222Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T13:55:38.761Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "Elastic Cloud Storage", "versions": [{"status": "affected", "version": "0", "lessThan": "4.2.0.1 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "ObjectScale", "versions": [{"status": "affected", "version": "0", "lessThan": "4.1.0.3", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "4.2.0.1 or later", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-04-05T18:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000449325/dsa-2026-143-security-update-for-dell-objectscale-prior-to-4-1-0-3-and-4-2-0-0-insertion-of-sensitive-information-into-log-file-vulnerability", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale,\u00a0versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account.", "supportingMedia": [{"type": "text/html", "value": "Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-08T12:43:54.291Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28261", "state": "PUBLISHED", "dateUpdated": "2026-04-08T13:55:42.284Z", "dateReserved": "2026-02-25T18:04:25.462Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-04-08T12:43:54.291Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale,\u00a0versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account."}], "id": "CVE-2026-28261", "lastModified": "2026-04-08T21:26:13.410", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-04-08T13:16:41.533", "references": [{"source": "security_alert@emc.com", "url": "https://www.dell.com/support/kbdoc/en-us/000449325/dsa-2026-143-security-update-for-dell-objectscale-prior-to-4-1-0-3-and-4-2-0-0-insertion-of-sensitive-information-into-log-file-vulnerability"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.2.0.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Elastic Cloud Storage", "source": "cna", "vendor": "Dell"}, "product": "elastic_cloud_storage", "vendor": "dell"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.1.0.3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.2.0.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ObjectScale", "source": "cna", "vendor": "Dell"}, "product": "objectscale", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-04-08T14:37:21.648457+00:00", "value": {"mitigation_remediation": ["Install the Dell security update DSA-2026-143 for Elastic Cloud Storage and ObjectScale.", "Verify that your environment runs a patched version, or upgrade to a fixed release if available.", "Restrict local user privileges to prevent log\u2011injection opportunities.", "Audit existing logs for unexpected sensitive data and delete any exposed entries.", "Apply proper logging controls to ensure sensitive information is masked or omitted."], "summary": {"action": "Apply Patch", "impact": "Exposes sensitive information via log file insertion to local low\u2011privilege attackers"}, "threat_synthesis": {"affected_systems": "Dell Elastic Cloud Storage versions 3.8.1.7 and earlier, and Dell ObjectScale versions earlier than 4.1.0.3 and version 4.2.0.0 are affected. Updates to later releases address the issue.", "description_and_impact": "The vulnerability allows a low\u2011privileged user with local access to cause Dell Elastic Cloud Storage and Dell ObjectScale to write sensitive data, such as authentication tokens or secrets, into log files. This is a classic insertion of sensitive information into logs weakness and can lead to secret disclosure. The exposed information can be used by the attacker to gain higher privileges or compromise the system further, compromising confidentiality and integrity.", "risk_and_exploitability": "The CVSS score of 7.8 indicates high severity. No EPSS score is reported and the vulnerability is not listed in CISA's KEV catalog, suggesting no publicly known exploitation yet. However, the attack requires local access at a low privilege level, so any compromised account or insider threat can potentially leverage it. An attacker could injection data into the logging process, resulting in secret leakage and possible escalation to system\u2011wide compromise."}}}}, "created": "2026-04-08T19:27:05.482021+00:00", "title": "Insertion of Sensitive Information into Log File in Dell Elastic Cloud Storage and ObjectScale", "updated": "2026-04-08T19:39:36.945934+00:00", "vendors": ["dell", "dell$PRODUCT$elastic_cloud_storage", "dell$PRODUCT$objectscale"]}