Description
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
Published: 2026-02-19
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Elevation of Privileges
Action: Apply Patch
AI Analysis

Impact

Dell PowerProtect Data Manager versions earlier than 19.22 contain an Incorrect Privilege Assignment flaw that allows a low‑privileged attacker with remote access to gain higher privileges. The vulnerability can lead to unauthorized modification of system configuration, data, or further compromise of the environment.

Affected Systems

The affected product is Dell PowerProtect Data Manager for all versions prior to 19.22. Management is typically performed over the network, so users with compromised or weak credentials can launch the attack.

Risk and Exploitability

The CVSS score of 8.1 indicates high severity. The EPSS score is reported as less than 1% and the vulnerability is not listed in CISA's KEV catalog, suggesting that exploitation is currently unlikely but possible. Remote attackers who can reach the Data Manager interface and have a low‑privilege account are the likely threat actors. While no exploit is known, the flaw can be abused to elevate privileges and potentially gain full control over the data protection system.

Generated by OpenCVE AI on April 17, 2026 at 18:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the Dell PowerProtect Data Manager 19.22 security update or later, as referenced in the Dell Support Knowledge Base.
  • Revoke or restrict any unnecessary remote accounts and enforce least‑privilege principles for local and remote users.
  • Apply network segmentation or firewall rules to limit external access to the Data Manager management interfaces.


Advisories

No advisories yet.

History

Fri, 17 Apr 2026 18:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Unauthorized Elevation of Privileges via Incorrect Privilege Assignment in Dell PowerProtect Data Manager |

Thu, 26 Feb 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |

Fri, 20 Feb 2026 16:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | | cpe:2.3:a:dell:powerprotect_data_manager:*:*:*:*:*:*:*:* |

Fri, 20 Feb 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Dell; Dell powerprotect Data Manager |
| Vendors & Products | | Dell; Dell powerprotect Data Manager |

Thu, 19 Feb 2026 09:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. |
| Weaknesses | | CWE-266 |
| References | | |
| Metrics | | cvssV3_1: {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'} |

MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-02-26T14:44:14.633Z

Reserved: 2026-01-07T06:43:46.536Z

Link: CVE-2026-22267

Vulnrichment

Updated: 2026-02-20T13:56:24.472Z

NVD

Status: Analyzed

Published: 2026-02-19T10:16:11.800

Modified: 2026-02-20T16:33:47.890

Link: CVE-2026-22267

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T18:15:26Z

Weaknesses