Warning: Critical information disclosure vulnerability in Dell Container Storage Modules can be used to exfiltrate data and perform lateral movement. Patch Immediately!

  • Published: 28/05/2026
  • Last update: 28/05/2026
  • Affected software: Dell Container Storage Modules
  • Type: Information Disclosure
  • CVE/CVSS
    → CVE-2026-40710: CVSS 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Sources

Dell Advisory - https://www.dell.com/support/kbdoc/en-re/000467149/dsa-2026-234-security-update-for-dell-container-storage-modules-hard-coded-credentials-vulnerability

Risks

Dell released an advisory for CVE-2026-40710. This vulnerability exposes default, hardcoded authentication credentials in public source code. This leaves organisations vulnerable to information disclosure if a remote threat actor exploits this vulnerability to access sensitive system components.

Dell Container Storage Modules are storage features for Kubernetes clusters. They hold sensitive information which could be valuable for threat actors to steal. An attacker could also target a storage module to use as a pivot point to further compromise an organisation.

Dell considers CVE-2026-40710 to be critical, as it exposes default authentication credentials present in public source code. The public nature of the exposure can make exploitation easier and more likely, because any attacker can immediately obtain and use these credentials without requiring any additional privileges or complex attack techniques.

Description

CVE-2026-40710 is a use of hard-coded credentials vulnerability in Dell Container Storage Modules. This vulnerability exposes hardcoded authentication credentials in public source code repositories, enabling unauthorised access to sensitive system components.

Attackers could leverage stolen hardcoded credentials to compromise authentication sessions, exfiltrate cached data, and potentially pivot to additional services within the infrastructure.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends that organisations step up their monitoring and detection capabilities to identify any related suspicious activity and to ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.