Description
Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to credential exposures. Authentication attempts as the compromised user would need to be authorized by a high privileged DD user. This vulnerability only affects systems with retention lock enabled.
Published: 2026-04-17
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Credential Exposure
Action: Immediate Patch
AI Analysis

Impact

Dell PowerProtect Data Domain appliances running DD OS Feature Release 8.0 through 8.5 and LTS2025 release 8.3.1.0 through 8.3.1.10 are susceptible to an insertion of sensitive information into log file flaw (CWE-532) that can cause sensitive information, such as credentials, to be written to log files. An attacker with low privileges and remote access can exploit this flaw, potentially leaking credentials that the attacker could use to impersonate users or elevate privileges if subsequently authorized by a higher‑privileged user. This vulnerability qualifies as a confidentiality compromise and may enable credential theft.

Affected Systems

The affected products are Dell PowerProtect Data Domain appliances using the Data Domain Operating System versions listed above. Only systems that have the retention lock feature enabled are vulnerable; products without this feature or running unsupported DD OS versions are not impacted.

Risk and Exploitability

The CVSS score of 7.6 indicates a high severity of the flaw. The EPSS score is not available, so the likelihood of exploitation is uncertain, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires remote access to a low‑privileged account and the presence of an enabled retention lock, conditions that may limit opportunistic attacks but still present a serious risk in environments where these features are common. Attackers could proceed by interacting with the appliance over the network and triggering the log recording of sensitive data.

Generated by OpenCVE AI on April 17, 2026 at 10:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerProtect Data Domain security update released in the Dell Support article to patch affected DD OS versions 8.0–8.5 and 8.3.1.0–8.3.1.10.
  • If the retention lock feature is not required for your environment, disable it to eliminate the attack surface; if it must remain enabled, ensure it is properly configured and monitored.
  • Adjust logging configuration to prevent sensitive credentials from being written to log files and perform audit reviews to detect any instances of credential leakage.


Advisories

No advisories yet.

History

Fri, 17 Apr 2026 11:15:00 +0000

Type Values Removed Values Added
Title Sensitive Data Leak via Log Injection in Dell PowerProtect Data Domain
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 17 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
Description Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to credential exposures. Authentication attempts as the compromised user would need to be authorized by a high privileged DD user. This vulnerability only affects systems with retention lock enabled.
Weaknesses CWE-532
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-17T11:01:10.107Z

Reserved: 2026-01-16T06:05:50.872Z

Link: CVE-2026-23775

Vulnrichment

Updated: 2026-04-17T11:01:05.518Z

NVD

Status: Awaiting Analysis

Published: 2026-04-17T09:16:05.153

Modified: 2026-04-17T15:07:18.050

Link: CVE-2026-23775

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T11:00:13Z

Weaknesses