CVE-2026-35157
Received Received - Intake
Improper CSV Formula Neutralization in Dell ECS and ObjectScale

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: Dell

Description
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-11
Last Modified
2026-05-11
Generated
2026-05-11
AI Q&A
2026-05-11
EPSS Evaluated
N/A
NVD
CVE-2026-35157
EUVD
EUVD-2026-29045
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dell ecs From 3.8.1.0 (inc) to 3.8.1.7 (inc)
dell objectscale to 4.3.0.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1236 The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0. It involves improper neutralization of formula elements in a CSV file within the user interface. An unauthenticated attacker with remote access could exploit this flaw, potentially leading to remote code execution.


How can this vulnerability impact me? :

Exploitation of this vulnerability could allow an unauthenticated remote attacker to execute code remotely on the affected system. This could lead to unauthorized access, data manipulation, or disruption of services.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart