CVE-2026-35157

Medium

Published: 11 May 2026

Published

11 May 2026

Modified

12 May 2026

KEV Added

—

Patch

—

CVSS Score 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS Score 0.0011 29.6th percentile

Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-35157 is a medium-severity Improper Neutralization of Formula Elements in a CSV File (CWE-1236) vulnerability in Dell Elastic Cloud Storage. Its CVSS base score is 5.8 (Medium).

Operationally, ranked at the 29.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading…

to remote execution.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-1236

Affected Products

dell

elastic cloud storage

3.8.1.0 — 4.3.0.0

dell

objectscale

≤ 4.3.0.0

References

https://www.dell.com/support/kbdoc/en-us/000462117/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities-1
Vendor Advisory · security_alert@emc.com