CVE-2026-35157

Medium

Published: 11 May 2026

Published

11 May 2026

Modified

12 May 2026

KEV Added

—

Patch

—

CVSS Score 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS Score 0.0014 33.6th percentile

Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-35157 is a medium-severity Improper Neutralization of Formula Elements in a CSV File (CWE-1236) vulnerability in Dell Elastic Cloud Storage. Its CVSS base score is 5.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.

Threat & Defense Details

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1204.002 Malicious File Execution

An adversary may rely upon a user opening a malicious file in order to gain execution.

attack.mitre.org →

Why these techniques?

CWE-1236 CSV formula injection in a remote UI enables unauthenticated exploitation of a public-facing app (T1190) and delivery of a malicious file for user-triggered code execution (T1204.002).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading…

to remote execution.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-1236

Affected Products

dell

elastic cloud storage

3.8.1.0 — 4.3.0.0

dell

objectscale

≤ 4.3.0.0

CVEs Like This One

CVE-2026-22273Same product: Dell Elastic Cloud Storage

CVE-2026-28261Same product: Dell Elastic Cloud Storage

CVE-2026-40636Same product: Dell Elastic Cloud Storage

CVE-2026-22271Same product: Dell Elastic Cloud Storage

CVE-2025-55745Shared CWE-1236

CVE-2026-27101Same vendor: Dell

CVE-2025-43995Same vendor: Dell

CVE-2024-49601Same vendor: Dell

CVE-2024-45084Shared CWE-1236

CVE-2026-26944Same vendor: Dell

References

https://www.dell.com/support/kbdoc/en-us/000462117/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities-1
Vendor Advisory · security_alert@emc.com