Description
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release versions 8.6.1.0 through 8.6.1.10, LTS2025 release versions 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A high-privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.
Published: 2026-07-03
Score: 4.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell PowerProtect Data Domain suffers from an incorrect permission assignment for a critical resource. The vulnerability, catalogued as CWE‑732, allows a high‑privileged user with local access to bypass intended security boundaries and gain unauthorized access to protected data or functions. The flaw does not enable remote code execution but permits escalation within the local environment, potentially exposing sensitive information or allowing further lateral movement.

Affected Systems

Affected are Dell PowerProtect Data Domain releases 7.7.1.0 through 8.6, including LTS2026 version 8.6.1.0 to 8.6.1.10, LTS2025 version 8.3.1.0 to 8.3.1.30, and LTS2024 version 7.13.1.0 to 7.13.1.70. Any instance running these firmware versions with local privileged accounts is vulnerable.

Risk and Exploitability

The CVSS score of 4.4 indicates a moderate overall risk, and the EPSS score is not available, suggesting limited publicly known exploit activity. The vulnerability is not listed in CISA's KEV catalog. The attack surface is local; an attacker must first gain local administrative privileges on the storage appliance to exploit the incorrect permission assignment. Successful exploitation results in unauthorized data access rather than full system compromise.

Generated by OpenCVE AI on July 3, 2026 at 17:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the Dell PowerProtect Data Domain security update released in the Dell KB article (https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities).
  • Restrict local privileged accounts to only those required for operation and remove unnecessary high‑privilege users.
  • Review and audit permission assignments for critical resources to ensure they align with intended access controls.



Advisories

No advisories yet.

History

Fri, 03 Jul 2026 13:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Dell; Dell powerprotect Data Domain |
| Vendors & Products | | Dell; Dell powerprotect Data Domain |

Fri, 03 Jul 2026 12:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release versions 8.6.1.0 through 8.6.1.10, LTS2025 release versions 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A high-privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access. |
| Weaknesses | | CWE-732 |
| References | | |
| Metrics | | cvssV3_1: {'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-07-03T12:15:22.397Z

Reserved: 2026-05-05T17:04:45.713Z

Link: CVE-2026-44268

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-03T17:15:04Z

Weaknesses
  • CWE-732: Incorrect Permission Assignment for Critical Resource