PT-2026-39587 · Dell · Objectscale+1

Published

2026-05-10

·

Updated

2026-05-11

·

CVE-2026-35157

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Dell ECS versions 3.8.1.0 through 3.8.1.7 Dell ObjectScale versions prior to 4.3.0.0
Description The user interface contains an improper neutralization of formula elements in CSV files. This allows an unauthenticated attacker with remote access to perform CSV Formula Injection, which could potentially lead to remote execution.
Recommendations Update Dell ECS to a version later than 3.8.1.7. Update Dell ObjectScale to version 4.3.0.0 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-08719
CVE-2026-35157

Affected Products

Ecs
Objectscale