Description
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.
Published: 2026-07-03
Score: 4.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability allows an attacker with local high privileges to exploit an improper link resolution before file access. The flaw can be triggered by manipulating symbolic or hard links that are resolved before a file is accessed, enabling unauthorized read or modification of protected files. The weakness directly matches CWE‑59 (Improper Handling of a Relative Pathname), which can lead to data compromise.

Affected Systems

Dell PowerProtect Data Domain appliances running versions 7.7.1.0 through 8.6, or the LTS2026 release series 8.6.1.0 through 8.6.1.10, the LTS2025 series 8.3.1.0 through 8.3.1.30, or the LTS2024 series 7.13.1.0 through 7.13.1.70 are affected.

Risk and Exploitability

The CVSS score of 4.4 indicates a moderate severity, and there is no EPSS data or KEV listing, suggesting limited public exploitation. However, the flaw requires high privileged local access, making remote compromise unlikely unless an attacker gains local credentials or physical access. An attacker with such privileges could manipulate link resolution to access or change protected files.

Generated by OpenCVE AI on July 3, 2026 at 17:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Dell patch for PowerProtect Data Domain that addresses the improper link resolution bug.
  • If a patch is not yet available, restrict local privileged access to the appliance and isolate it from untrusted networks to limit exposure.
  • Monitor system logs for anomalous link following activities and verify that configuration changes are documented and approved.

Generated by OpenCVE AI on July 3, 2026 at 17:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Jul 2026 17:30:00 +0000

Type Values Removed Values Added
Title Unauthorized Access via Improper Link Resolution in Dell PowerProtect Data Domain

Fri, 03 Jul 2026 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerprotect Data Domain
Vendors & Products Dell
Dell powerprotect Data Domain

Fri, 03 Jul 2026 12:30:00 +0000

Type Values Removed Values Added
Description Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.
Weaknesses CWE-59
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Dell Powerprotect Data Domain
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-07-03T12:09:06.006Z

Reserved: 2026-05-05T17:04:45.713Z

Link: CVE-2026-44269

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-03T17:15:04Z

Weaknesses
  • CWE-59

    Improper Link Resolution Before File Access ('Link Following')