Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account.

CVE Database V5

Detailed information about CVE-2026-28261: CWE-532: Insertion of Sensitive Information into Log File in Dell Elastic Cloud Storage affecting Dell Elastic Cloud 

CVE-2026-28261: CWE-532: Insertion of Sensitive Information into Log File in Dell Elastic Cloud Storage - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-28261: CWE-532: Insertion of Sensitive Information into Log File in Dell Elastic Cloud Storage

CVE-2026-5302 is a medium severity vulnerability in CoolerControl's coolercontrold versions prior to 4. 0. 0. It involves a Cross-Origin Resource Sharing (CORS) misconfiguration that permits unauthenticated remote attackers to read data and send commands to the service via malicious websites. The vulnerability arises from a permissive cross-domain policy allowing untrusted domains to interact with the service. There is no official patch or remediation level currently confirmed by the vendor. No known exploits are reported in the wild at this time.

This vulnerability (CVE-2026-5302) is due to a CORS misconfiguration in coolercontrold versions before 4.0.0, which allows unauthorized remote attackers to bypass same-origin policy restrictions. By exploiting the permissive cross-domain policy, attackers can perform unauthorized read and command operations on the service through malicious websites. The issue is classified under CWE-942 (Permissive Cross-domain Policy with Untrusted Domains). The CVSS v3.1 base score is 6.3, indicating a medium severity with network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability.

Detailed information about CVE-2026-5302: CWE-942: Permissive Cross-domain Policy with Untrusted Domains in CoolerControl coolercontrold affecting CoolerControl

CVE-2026-5302: CWE-942: Permissive Cross-domain Policy with Untrusted Domains in CoolerControl coolercontrold - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-5302: CWE-942: Permissive Cross-domain Policy with Untrusted Domains in CoolerControl coolercontrold

CVE-2026-5301 is a stored cross-site scripting (XSS) vulnerability in the log viewer component of CoolerControl's coolercontrol-ui versions prior to 4. 0. 0. This flaw allows unauthenticated attackers to inject malicious JavaScript into log entries, which can then execute in the context of the service. Exploitation could lead to service takeover through script execution. The vulnerability has a high severity rating with a CVSS score of 7. 6. No official patch or remediation guidance is currently available from the vendor. There are no known exploits in the wild at this time.

This vulnerability involves improper neutralization of input during web page generation (CWE-79) in the coolercontrol-ui log viewer prior to version 4.0.0. Specifically, stored XSS occurs when malicious JavaScript is injected into log entries, which are then rendered without proper sanitization, allowing execution of attacker-controlled scripts. The vulnerability is remotely exploitable without authentication and requires user interaction (UI:R). The impact includes partial confidentiality loss, high integrity impact, and low availability impact as per the CVSS vector.

Detailed information about CVE-2026-5301: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in CoolerControl coolerco

CVE-2026-5301: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in CoolerControl coolercontrol-ui - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-5301: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in CoolerControl coolercontrol-ui

CVE-2026-5300 is a medium severity vulnerability in CoolerControl's coolercontrold version 0. 14. 0 and earlier. It involves missing authentication for critical functions, allowing unauthenticated attackers to view and modify potentially sensitive data via HTTP requests. The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function). No official patch or remediation guidance is currently available from the vendor, and there are no known exploits in the wild at this time.

This vulnerability in coolercontrold versions prior to 4.0.0 allows unauthenticated attackers to access and modify sensitive data through HTTP requests due to missing authentication controls on critical functions. The CVSS v3.1 base score is 5.9, reflecting local attack vector, low attack complexity, no privileges required, no user interaction, and impacts on confidentiality, integrity, and availability. The absence of authentication on critical functions represents a significant security weakness that could lead to unauthorized data exposure and modification.

Detailed information about CVE-2026-5300: CWE-306: Missing Authentication for Critical Function in CoolerControl coolercontrold affecting CoolerControl coolerco

CVE-2026-5300: CWE-306: Missing Authentication for Critical Function in CoolerControl coolercontrold - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-5300: CWE-306: Missing Authentication for Critical Function in CoolerControl coolercontrold

Detailed information about CVE-2026-4402. Get real-time updates, technical details, and mitigation strategies.

CVE-2026-4402

CVE-2026-4402

Technical Details

Community Reviews

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility

CVE-2026-4402

CVE-2026-4402

Technical Details

Community Reviews

Related Threats

CVE-2026-28261: CWE-532: Insertion of Sensitive Information into Log File in Dell Elastic Cloud Storage

CVE-2026-5302: CWE-942: Permissive Cross-domain Policy with Untrusted Domains in CoolerControl coolercontrold

CVE-2026-5301: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in CoolerControl coolercontrol-ui

CVE-2026-5300: CWE-306: Missing Authentication for Critical Function in CoolerControl coolercontrold

CVE-2026-27102: CWE-266: Incorrect Privilege Assignment in Dell PowerScale OneFS

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility