Description
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.
Published: 2026-07-03
Score: 4.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises from improper access control within the RBAC mechanism of Dell PowerProtect Data Domain, allowing a low-privileged attacker with remote access to tamper with stored information. The weakness is an improper access control flaw (CWE-284) that could lead to data integrity violations if exploited.

Affected Systems

Dell PowerProtect Data Domain appliances running versions 7.7.1.0 through 8.6, LTS2026 release versions 8.6.1.0 through 8.6.1.10, LTS2025 release versions 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70 are affected.

Risk and Exploitability

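The CVSS 3.1 base score of 4.3 is Medium severity. No EPSS score is available, so the likelihood of exploitation remains uncertain. The vector (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) describes a network-reachable attack of low complexity that needs low privileges and no user interaction, with low integrity impact and no confidentiality or availability impact. The attacker would need remote access to the Data Domain appliance, potentially through its management interface, and would use the RBAC flaw to perform unauthorized modifications.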

Generated by OpenCVE AI on July 3, 2026 at 17:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dell-provided security update DSA-2026-278 for PowerProtect Data Domain
  • Review and tighten RBAC role assignments to enforce least privilege for all users
  • Audit RBAC changes and monitor for unauthorized tampering attempts

Advisories

No advisories yet.

History

Fri, 03 Jul 2026 17:30:00 +0000

Type | Values Removed | Values Added
Title | (none) | Improper Access Control in Dell PowerProtect RBAC Leading to Information Tampering

Fri, 03 Jul 2026 15:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | (none) | Dell; Dell powerprotect Data Domain
Vendors & Products | (none) | Dell; Dell powerprotect Data Domain

Fri, 03 Jul 2026 13:15:00 +0000

Type | Values Removed | Values Added
Description | (none) | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.
Weaknesses | (none) | CWE-284
References | (none) |
Metrics | (none) | cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-07-03T12:25:47.932Z

Reserved: 2026-04-17T05:04:42.886Z

Link: CVE-2026-41123

OpenCVE Enrichment

Updated: 2026-07-03T17:15:04Z

Weaknesses