CVE-2025-26478

Low CVSS 3.1

Overview

Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.

CWE: CWE-295 Published: 2025-04-17T12:15:15.307

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 3.1 (LOW)
Detected tags: crypto, info_leak, unauth_access (tag impact: HIGH)

Recommended actions:

Drop weak ciphers/protocols; prefer modern, safe defaults.
Reduce verbose errors, remove debug endpoints, minimize PII in logs.
Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags