Description
Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
Published: 2026-04-22
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution via buffer overflow
Action: Immediate Patch
AI Analysis

Impact

A stack-based buffer overflow in the Domain Operating System allows an attacker to execute arbitrary commands. The flaw propagates executable code without authentication, enabling a full takeover of the affected system. It stems from improper bounds checking and is classed as a buffer overflow vulnerability.

Affected Systems

Dell PowerProtect Data Domain appliances running Domain Operating System Feature Release versions from 7.7.1.0 through 8.6, LTS2025 releases 8.3.1.0 to 8.3.1.10, and LTS2024 releases 7.13.1.0 to 7.13.1.60 are affected.

Risk and Exploitability

The CVSS score of 8.1 classifies this as high severity. The EPSS score of less than 1% indicates a very low likelihood of exploitation, but the vulnerability remains unauthenticated and remotely exploitable with no prerequisite access, meaning an external attacker could trigger it. The vulnerability is not currently cataloged in CISA's KEV list.

Generated by OpenCVE AI on April 28, 2026 at 20:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and apply Dell PowerProtect Data Domain DSA-2026-060 security update
  • Restrict external network access to the appliance by blocking or limiting traffic to the vulnerable ports until the patch is applied
  • Disable or restrict the vulnerable service or component that is exposed via the Domain Operating System, following Dell's temporary configuration guidelines

Generated by OpenCVE AI on April 28, 2026 at 20:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 21:00:00 +0000

Type Values Removed Values Added
Title Stack-Based Buffer Overflow Enabling Remote Command Execution in Dell PowerProtect Data Domain

Mon, 27 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Dell data Domain Operating System
Dell powerprotect Dp Series Appliance
Weaknesses CWE-787
CPEs cpe:2.3:a:dell:powerprotect_dp_series_appliance:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*
Vendors & Products Dell data Domain Operating System
Dell powerprotect Dp Series Appliance

Wed, 22 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerprotect Data Domain
Vendors & Products Dell
Dell powerprotect Data Domain

Wed, 22 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Dell Data Domain Operating System Powerprotect Data Domain Powerprotect Dp Series Appliance
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-23T03:56:13.620Z

Reserved: 2026-02-13T18:05:27.825Z

Link: CVE-2026-26354

cve-icon Vulnrichment

Updated: 2026-04-22T18:36:46.485Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-22T19:17:00.677

Modified: 2026-04-27T17:09:11.120

Link: CVE-2026-26354

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T20:45:16Z

Weaknesses