Description
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
Published: 2026-07-03
Score: 2.3 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell PowerProtect Data Domain suffers from a path traversal flaw (CWE-22). A local attacker with high privileges can read or expose sensitive data by manipulating pathnames beyond intended directories. The vulnerability can leak confidential information but does not allow code execution or denial of service.

Affected Systems

Affected are Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6, LTS2026 release versions 8.6.1.0 through 8.6.1.10, LTS2025 release versions 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70.

Risk and Exploitability

The CVSS score is 2.3, reflecting a low severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires local, high‑privileged access, making it less likely to be leveraged remotely but still relevant for compromised environments.

Generated by OpenCVE AI on July 3, 2026 at 20:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dell’s security update for PowerProtect Data Domain to a version later than the affected releases, as detailed in the Dell support advisory.
  • Limit local privileged access to the Data Domain appliance by enforcing the principle of least privilege and disabling unnecessary local accounts.
  • Enforce network segmentation to isolate the Data Domain appliance from untrusted networks.

Advisories

No advisories yet.

History

Fri, 03 Jul 2026 21:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Local Path Traversal Causing Information Exposure in Dell PowerProtect Data Domain |

Fri, 03 Jul 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Dell; Dell powerprotect Data Domain |
| Vendors & Products | | Dell; Dell powerprotect Data Domain |

Fri, 03 Jul 2026 12:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. |
| Weaknesses | | CWE-22 |
| References | | |
| Metrics | | cvssV3_1 {'score': 2.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-07-03T12:19:59.524Z

Reserved: 2026-04-17T05:04:42.886Z

Link: CVE-2026-41124

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-03T20:45:16Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')