CVE-2026-23777 - Vulnerability Details

- Remote Access Sensitive Information Exposure in Dell PowerProtect Data Domain

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an exposure of sensitive information to an unauthorized actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure.

Published: 2026-04-17

Score: 4.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A vulnerability in Dell PowerProtect Data Domain allows a low‑privileged attacker with remote access to obtain sensitive information that should remain confidential. The flaw is classified under CWE‑200, indicating information exposure and resulting in a loss of confidentiality. No other impact such as integrity or availability is described in the supplied data.

Affected Systems

Dell PowerProtect Data Domain systems running Data Domain Operating System Feature Release versions 7.7.1.0 through 8.5, LTS2025 release versions 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.50 are affected.

Risk and Exploitability

The CVSS score is 4.3, placing the vulnerability in the low to moderate severity range. An EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote access by a low‑privileged user, implying that an attacker with network reach and some local privileges can exploit the information‑exposure flaw but would need to authenticate or otherwise navigate the system’s access controls. Because the impact is limited to confidentiality and the severity is low, the risk is considered moderate when no additional exploits are known.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Dell

PowerProtect Data Domain

unaffected

Version	Status	Constraints
`0`	affected	< 8.6.0.0 or later
`0`	affected	< 8.3.1.20 or later
`0`	affected	< 7.13.1.50 or later
`0`	affected	< 2.7.9 with DD OS 8.3.1.30

No data.

Vendor Product Confidence Versions

Dell

Powerprotect Data Domain

100%

Version	Status	Scheme	Platform
`[0,8.6.0.0)`	affected	generic	—
`[0,8.3.1.20)`	affected	generic	—
`[0,7.13.1.50)`	affected	generic	—
`[0,2.7.9 with DD OS 8.3.1.30)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the Dell security update for PowerProtect Data Domain referenced in the Dell advisory (KB000450699).
Upgrade the Data Domain Operating System to a non‑affected version, ensuring the current install is beyond the ranges listed above.
Restrict remote access to trusted IP ranges and enforce least‑privilege authentication policies to reduce the opportunity for low‑privileged attackers.

Generated by OpenCVE AI on April 18, 2026 at 09:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00011.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

History

Sat, 18 Apr 2026 09:45:00 +0000

Type	Values Removed	Values Added
Title		Remote Access Sensitive Information Exposure in Dell PowerProtect Data Domain

Fri, 17 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dell Dell powerprotect Data Domain
Vendors & Products		Dell Dell powerprotect Data Domain

Fri, 17 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 17 Apr 2026 12:00:00 +0000

Type	Values Removed	Values Added
Description		Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an exposure of sensitive information to an unauthorized actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure.
Weaknesses		CWE-200
References		https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}`

Subscriptions

Dell Powerprotect Data Domain

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2026-04-17T11:52:13.427Z

Updated: 2026-04-17T13:14:12.461Z

Reserved: 2026-01-16T06:05:50.873Z

Link: CVE-2026-23777

Vulnrichment

Updated: 2026-04-17T13:14:07.958Z

NVD

Status : Awaiting Analysis

Published: 2026-04-17T12:16:32.343

Modified: 2026-04-17T15:07:18.050

Link: CVE-2026-23777

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T09:30:25Z

Weaknesses

CWE-200

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object