Description
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
Published: 2026-04-20
Score: 7.2 High
EPSS: 1.2% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An OS command injection flaw exists in Dell PowerProtect Data Domain. A high privileged attacker who can reach the system remotely may exploit this vulnerability to execute arbitrary operating system commands with root privileges, allowing complete control of the affected appliance.

Affected Systems

Dell PowerProtect Data Domain appliances are affected. Vulnerable versions include 7.7.1.0 through 8.6, the LTS2025 releases 8.3.1.0 through 8.3.1.20, and the LTS2024 releases 7.13.1.0 through 7.13.1.60.

Risk and Exploitability

The CVSS score of 7.2 indicates a high severity for remote exploitation. With an EPSS score of 1%, the probability of exploitation is considered very low but non-zero. The vulnerability is not listed in CISA’s KEV catalog. Attack requires remote access and high privileges, making it relevant mainly when an attacker can already obtain remote management connectivity to the appliance.

Generated by OpenCVE AI on June 18, 2026 at 13:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerProtect Data Domain security update available from Dell’s support site.
  • Restrict remote management access to trusted IP addresses or enforce network segmentation to limit potential attack surface.
  • Configure auditing and monitoring for unexpected command execution and regularly review system logs for signs of compromise.

Generated by OpenCVE AI on June 18, 2026 at 13:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title OS Command Injection Enabling Root Execution on Dell PowerProtect Data Domain Appliances

Wed, 17 Jun 2026 08:30:00 +0000

Type Values Removed Values Added
Title OS Command Injection Enabling Root Execution on Dell PowerProtect Data Domain Appliances

Tue, 16 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Title OS Command Injection in Dell PowerProtect Data Domain Allows Root Privilege Escalation

Tue, 28 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Dell data Domain Operating System
Dell powerprotect Dp Series Appliance
CPEs cpe:2.3:a:dell:powerprotect_dp_series_appliance:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*
Vendors & Products Dell data Domain Operating System
Dell powerprotect Dp Series Appliance

Tue, 21 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerprotect Data Domain
Vendors & Products Dell
Dell powerprotect Data Domain

Mon, 20 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
Title OS Command Injection in Dell PowerProtect Data Domain Allows Root Privilege Escalation

Mon, 20 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 20 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Description Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Dell Data Domain Operating System Powerprotect Data Domain Powerprotect Dp Series Appliance
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-22T03:56:04.147Z

Reserved: 2026-02-16T18:04:20.508Z

Link: CVE-2026-26943

cve-icon Vulnrichment

Updated: 2026-04-20T16:43:54.243Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-20T17:16:32.793

Modified: 2026-06-17T10:26:25.690

Link: CVE-2026-26943

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T13:30:05Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')