Description
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
Published: 2026-04-20
Score: 7.2 High
EPSS: n/a
KEV: No
Impact: Arbitrary Command Execution
Action: Patch Now
AI Analysis

Impact

The vulnerability is an improper input validation flaw that can be leveraged by a privileged attacker with remote access to execute arbitrary commands with root privileges on Dell PowerProtect Data Domain appliances. This flaw permits full control over the system, effectively allowing remote code execution and compromising confidentiality, integrity, and availability of stored data.

Affected Systems

Affected are Dell PowerProtect Data Domain appliances. Vulnerable releases include versions 7.7.1.0 through 8.6, LTS2025 release versions 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.60.

Risk and Exploitability

The CVSS score of 7.2 indicates high severity, while the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. A high privileged attacker with remote access could exploit the flaw; however, no publicly known exploit is documented. The risk remains significant due to the potential for remote code execution.

Generated by OpenCVE AI on April 20, 2026 at 17:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerProtect Data Domain Security Update DSA-2026-060 to all affected systems.
  • Reduce the attack surface by disabling unnecessary remote access to the management interface.
  • Implement network segmentation between the management network and external or untrusted networks.

Generated by OpenCVE AI on April 20, 2026 at 17:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerprotect Data Domain
Vendors & Products Dell
Dell powerprotect Data Domain
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 20 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
Title Improper Input Validation Leading to Arbitrary Command Execution in Dell PowerProtect Data Domain

Mon, 20 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Description Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Dell Powerprotect Data Domain
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-20T17:42:15.787Z

Reserved: 2026-01-23T06:07:21.818Z

Link: CVE-2026-24504

cve-icon Vulnrichment

Updated: 2026-04-20T17:42:12.423Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-20T17:16:31.777

Modified: 2026-04-20T19:05:30.750

Link: CVE-2026-24504

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T18:00:10Z

Weaknesses