Description
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
Published: 2026-04-20
Score: 6.7 Medium
EPSS: n/a
KEV: No
Impact: Local Privileged Arbitrary Command Execution
Action: Immediate Patch
AI Analysis

Impact

A stack-based buffer overflow exists in Dell PowerProtect Data Domain software that allows a high privileged attacker with local access to execute arbitrary commands with root privileges. Exploitation would give the attacker unrestricted control over the system, enabling them to compromise data integrity, confidentiality, or availability.

Affected Systems

Dell PowerProtect Data Domain products from versions 7.7.1.0 through 8.6, LTS2025 releases 8.3.1.0 to 8.3.1.20, and LTS2024 releases 7.13.1.0 to 7.13.1.60 are affected. Users running any of these firmware or software editions are at risk.

Risk and Exploitability

The CVSS score of 6.7 indicates a moderate severity. EPSS information is not available, and the vulnerability is not listed in CISA KEV, suggesting it is not actively exploited in the wild. However, the attack requires local privileged access, which may be obtained through physical access or compromised local accounts. If exploited, root level command execution could lead to full system compromise. Regular patching is the most effective mitigation.

Generated by OpenCVE AI on April 20, 2026 at 20:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerProtect Data Domain security update DSA-2026-060 to all affected devices to correct the stack-based buffer overflow.
  • Disable or remove unnecessary local administrative users on the systems to reduce the attack surface for privileged attackers.
  • Enable and monitor audit logging for privileged command execution on the devices to detect any potential exploitation attempts.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 22:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Dell; Dell powerprotect Data Domain |
| Vendors & Products | | Dell; Dell powerprotect Data Domain |

Mon, 20 Apr 2026 21:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Stack-Based Buffer Overflow in Dell PowerProtect Data Domain Allows Local Privileged Command Execution |

Mon, 20 Apr 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Mon, 20 Apr 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. |
| Weaknesses | | CWE-121 |
| References | | |
| Metrics | | cvssV3_1: {'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-20T17:45:10.071Z

Reserved: 2026-02-16T18:04:20.509Z

Link: CVE-2026-26951

Vulnrichment

Updated: 2026-04-20T17:45:06.786Z

NVD

Status: Awaiting Analysis

Published: 2026-04-20T17:16:32.950

Modified: 2026-04-20T19:05:30.750

Link: CVE-2026-26951

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T22:30:19Z

Weaknesses