Description
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
Published: 2026-04-20
Score: 7.2 High
EPSS: n/a
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

Dell PowerProtect Data Domain versions 8.5 through 8.6 suffer from an improper input validation flaw that can allow an attacker with high privileges and remote access to execute arbitrary commands with root privileges. The weakness is classified as CWE-20 (Improper Input Validation) and carries a CVSS score of 7.2, a High severity rating that reflects high potential impact on confidentiality, integrity, and availability.

Affected Systems

Affected systems are Dell PowerProtect Data Domain appliances running firmware versions 8.5 through 8.6. No other versions or models are mentioned in the advisory.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, but the CVSS rating is High (7.2). Based on the advisory, exploitation requires remote access with high privileges (AV:N and PR:H in the CVSS vector); an attacker who has such access can execute arbitrary commands as root, leading to system compromise.

Generated by OpenCVE AI on April 20, 2026 at 18:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the Dell DSA-2026-060 security update for PowerProtect Data Domain appliances to fix the input validation issue.
  • Reboot the affected appliances so the patch takes effect and services are reloaded.
  • Monitor system logs for errors or unexpected behavior after reboot to confirm system stability.


Advisories

No advisories yet.

History

Mon, 20 Apr 2026 19:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Improper Input Validation Allows Remote Command Execution on Dell PowerProtect Data Domain |

Mon, 20 Apr 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Mon, 20 Apr 2026 17:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Dell; Dell powerprotect Data Domain |
| Vendors & Products | | Dell; Dell powerprotect Data Domain |

Mon, 20 Apr 2026 16:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. |
| Weaknesses | | CWE-20 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-20T18:08:18.273Z

Reserved: 2026-01-23T06:07:21.818Z

Link: CVE-2026-24505

Vulnrichment

Updated: 2026-04-20T18:08:14.746Z

NVD

Status: Awaiting Analysis

Published: 2026-04-20T17:16:31.920

Modified: 2026-04-20T19:05:30.750

Link: CVE-2026-24505

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T18:45:14Z
