CVE-2026-22273: CWE-1392: Use of Default Credentials in Dell ObjectScale
CVE-2026-22273 is a high-severity vulnerability affecting Dell ObjectScale and ECS versions prior to 4.2.0.0 and 3.8.1.7 respectively. It involves the use of default credentials that allow a low-privileged remote attacker to gain elevated privileges without user interaction. The vulnerability impacts confidentiality, integrity, and availability, with a CVSS score of 8.8.
AI Analysis
Technical Summary
CVE-2026-22273 is a vulnerability classified under CWE-1392, indicating the use of default credentials in Dell ObjectScale and Dell ECS storage products. Specifically, versions 3.8.1.0 through 3.8.1.7 of Dell ECS and versions prior to 4.2.0.0 of Dell ObjectScale contain default credentials that are either hardcoded or not properly changed during deployment. This flaw allows an attacker with low privileges and remote network access to authenticate using these default credentials, bypassing normal authentication controls. Once authenticated, the attacker can escalate privileges, potentially gaining administrative control over the storage system. This can lead to unauthorized data access, data manipulation, or disruption of storage availability. The vulnerability does not require user interaction and has a low attack complexity, making it relatively easy to exploit if the default credentials remain unchanged. The CVSS v3.1 score of 8.8 reflects the high impact on confidentiality, integrity, and availability, combined with network attack vector and low privileges required. Although no known exploits have been reported in the wild, the presence of default credentials is a well-known security risk that can be leveraged by attackers to compromise enterprise storage environments.
Potential Impact
For European organizations, this vulnerability poses a significant risk to data security and operational continuity. Dell ObjectScale and ECS are used in enterprise storage environments, often hosting critical business data and applications. Exploitation could lead to unauthorized data disclosure, modification, or deletion, severely impacting confidentiality and integrity. Availability could also be affected if attackers disrupt storage services or delete critical data. Sectors such as finance, healthcare, government, and telecommunications, which rely heavily on secure and reliable storage, are particularly vulnerable. The ability of a low-privileged remote attacker to escalate privileges raises the overall threat, potentially enabling lateral movement within networks. This could result in broader compromise beyond the initial storage system. The lack of user interaction and low attack complexity further increase the likelihood of exploitation if default credentials are not changed. European organizations that have not yet updated or audited their Dell ObjectScale or ECS deployments are at heightened risk.
Mitigation Recommendations
Immediate mitigation steps include auditing all Dell ObjectScale and ECS deployments to identify and change any default credentials. Administrators should enforce strong, unique passwords for all accounts and disable or remove any unused default accounts. Network segmentation and strict access controls should be implemented to limit remote access to storage management interfaces. Monitoring and logging should be enhanced to detect any unauthorized login attempts or suspicious activities. Dell should be contacted for official patches or updates, and organizations should prioritize upgrading to versions 4.2.0.0 or later for ObjectScale and beyond 3.8.1.7 for ECS once available. Additionally, implementing multi-factor authentication (MFA) for management interfaces can reduce the risk of credential-based attacks. Regular vulnerability assessments and penetration testing focused on storage systems will help identify residual risks. Finally, organizations should update incident response plans to include scenarios involving storage system compromise.
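As a starting point for the audit recommended above, the following added example (not Dell's or this page's own code) checks an asset inventory against the version ranges given in the Technical Summary. The CSV layout, hostnames and version strings are constructed sample data, and the status labels are this example's own.

```python
import csv
import io
import re

# Ranges from the Technical Summary: (lowest affected, upper bound, bound inclusive?)
AFFECTED = {
    "ecs": ((3, 8, 1, 0), (3, 8, 1, 7), True),    # 3.8.1.0 through 3.8.1.7
    "objectscale": (None, (4, 2, 0, 0), False),   # prior to 4.2.0.0
}

def parse_version(text):
    """Return a 4-part integer tuple, or None when the string is not a dotted version."""
    m = re.match(r"\s*(\d+(?:\.\d+){0,3})(?![\d.])", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def classify(product, version):
    rule = AFFECTED.get(product.strip().lower())
    if rule is None:
        return "not-applicable"
    v = parse_version(version)
    if v is None:
        return "review"        # unparseable version: never assume it is safe
    low, high, inclusive = rule
    if (v > high) if inclusive else (v >= high):
        return "not-affected"
    if low is not None and v < low:
        return "review"        # below the Technical Summary's range; confirm manually
    return "affected"

# Constructed inventory; hostnames and version strings are sample data.
INVENTORY = """host,product,version
ecs-fra-01,ECS,3.8.1.5
ecs-ams-02,ECS,3.8.1.7
ecs-mad-03,ECS,3.8.2.0
ecs-old-04,ECS,3.7.0.6
os-lon-01,ObjectScale,4.1.0.2
os-par-02,ObjectScale,4.2.0.0
os-mil-03,ObjectScale,unknown
"""

def audit(csv_text):
    """Return (host, status) for every row that is not clearly outside the range."""
    rows = csv.DictReader(io.StringIO(csv_text))
    results = [(r["host"], classify(r["product"], r["version"])) for r in rows]
    return [(h, s) for h, s in results if s not in ("not-affected", "not-applicable")]

if __name__ == "__main__":
    for host, status in audit(INVENTORY):
        print(f"{host}: {status}")
```

Hosts marked `review` need a manual check: either the version string could not be parsed, or the ECS release is older than the range the Technical Summary lists.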
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: dell
- Date Reserved: 2026-01-07T06:43:46.537Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69733d904623b1157c262fc8
Added to database: 1/23/2026, 9:21:20 AM
Last enriched: 1/23/2026, 9:35:22 AM
Last updated: 1/23/2026, 10:55:56 AM
Related Threats
- CVE-2025-46699: CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine in Dell Data Protection Advisor (Medium)
- CVE-2026-22276: CWE-312: Cleartext Storage of Sensitive Information in Dell ObjectScale (Medium)
- CVE-2026-22271: CWE-319: Cleartext Transmission of Sensitive Information in Dell ObjectScale (High)
- CVE-2026-1364: CWE-306 Missing Authentication for Critical Function in JNC IAQS (Critical)
- CVE-2026-1363: CWE-603 Use of Client-Side Authentication in JNC IAQS (Critical)