LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-40636

CVE-2026-40636 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: May 12, 2026

Dell ECS & ObjectScale - Hardcoded Credentials

Published: May 11, 2026Updated: May 12, 2026Remote Exploitable

Overview

Dell ECS 3.8.1.0 through 3.8.1.7 and Dell ObjectScale prior to 4.3.0.0 contain a hardcoded credentials vulnerability, letting unauthenticated local attackers access the filesystem, exploit requires local access.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 7.4%(Probability of exploitation in next 30 days)

Impact

Unauthenticated local attackers can access the filesystem, potentially leading to data exposure or modification.

Mitigation

Update Dell ECS to above 3.8.1.7 and Dell ObjectScale to 4.3.0.0 or later.

References

Social Media Activity(4 posts)

TheHackerWire
TheHackerWire
@thehackerwire
May 11, 2026

šŸ”“ CVE-2026-40636 - Critical (9.8) Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-40636/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
OffSequence
OffSequence
@offseq
May 11, 2026

šŸšØ CRITICAL: CVE-2026-40636 in Dell ECS & ObjectScale (CVSS 9.8) exposes systems via hard-coded credentials. Local attackers may gain full access. Restrict local access & monitor logs. Await vendor patch. Details: https://radar.offseq.com/threat/cve-2026-40636-cwe-798-use-of-hard-coded-credentia-8faf08fe #OffSeq #Dell #Vuln #InfoSec

View original post
TheHackerWire
TheHackerWire
@thehackerwire
May 11, 2026

šŸ”“ CVE-2026-40636 - Critical (9.8) Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-40636/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
OffSequence
OffSequence
@offseq
May 11, 2026

šŸšØ CRITICAL: CVE-2026-40636 in Dell ECS & ObjectScale (CVSS 9.8) exposes systems via hard-coded credentials. Local attackers may gain full access. Restrict local access & monitor logs. Await vendor patch. Details: https://radar.offseq.com/threat/cve-2026-40636-cwe-798-use-of-hard-coded-credentia-8faf08fe #OffSeq #Dell #Vuln #InfoSec

View original post

Related Resources

Details

CVE ID
CVE-2026-40636
Severity
Critical
CVSS Score
9.8
Type
hardcoded_credentials
Status
confirmed
EPSS
7.4%
Social Posts
4

CWE

  • CWE-798

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

7.4%Probability of exploitation in the next 30 days