Description
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection.
Published: 2026-02-19
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via Incorrect Privilege Assignment
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an incorrect privilege assignment that permits a low‑privileged attacker with remote access to terminate the Dell Enterprise Support connection, causing a service interruption. This flaw is classified as CWE‑266, reflecting insufficient access controls that can disrupt availability for the affected system.

Affected Systems

Dell PowerProtect Data Manager versions earlier than 19.22 are impacted. The vulnerability applies to any installation of the product that has not been updated to 19.22 or later, regardless of environment.

Risk and Exploitability

The reported CVSS score of 6.3 indicates medium severity, and the EPSS score is below 1%, suggesting a low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog, which further implies no known active exploitation. However, a remote attacker with low privileges could attempt to exploit this flaw to disrupt the Enterprise Support connection if network access to the PowerProtect environment is available. The critical factors are the remote access requirement and the lack of proper privilege enforcement.

Generated by OpenCVE AI on April 17, 2026 at 18:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerProtect Data Manager security update DSA-2026-046 to upgrade the product to version 19.22 or newer.
  • Revoke excessive permissions and enforce the principle of least privilege so that only authorized users can access the Enterprise Support connection.
  • If an immediate upgrade is not feasible, restrict remote access to the PowerProtect Data Manager instance, isolate the service from external networks, and monitor logs for any privilege escalation attempts.



Advisories

No advisories yet.

History

Fri, 17 Apr 2026 18:30:00 +0000

Type | Values Removed | Values Added
Title | | Incorrect Privilege Assignment Leading to Denial of Service in Dell PowerProtect Data Manager

Fri, 20 Feb 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 20 Feb 2026 16:15:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:dell:powerprotect_data_manager:*:*:*:*:*:*:*:*

Fri, 20 Feb 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Dell; Dell powerprotect Data Manager
Vendors & Products | | Dell; Dell powerprotect Data Manager

Thu, 19 Feb 2026 09:30:00 +0000

Type | Values Removed | Values Added
Description | | Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection.
Weaknesses | | CWE-266
References | |
Metrics | | cvssV3_1 {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-02-20T16:11:27.190Z

Reserved: 2026-01-07T06:43:46.537Z

Link: CVE-2026-22268

Vulnrichment

Updated: 2026-02-20T16:11:20.700Z

NVD

Status: Analyzed

Published: 2026-02-19T10:16:11.963

Modified: 2026-02-20T16:12:18.710

Link: CVE-2026-22268

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T18:15:26Z

Weaknesses