Home

Description

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution.

PUBLISHED Reserved 2026-04-01 | Published 2026-05-11 | Updated 2026-05-11 | Assigner dell




MEDIUM: 5.8CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Problem types

CWE-1236: Improper Neutralization of Formula Elements in a CSV File

Product status

Default status
unaffected

Any version before 4.3.0.0 or later
affected

Default status
unaffected

Any version before 4.3.0.0 or later
affected

References

www.dell.com/...s-and-objectscale-multiple-vulnerabilities-1 vendor-advisory

cve.org (CVE-2026-35157)

nvd.nist.gov (CVE-2026-35157)

Download JSON