Description
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.
Published: 2026-07-03
Score: 2.7 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use of less trusted source (CWE‑348) in Dell PowerProtect Data Domain software. A remote attacker with high privileges can supply untrusted input that the system later treats as trustworthy, enabling the attacker to tamper with stored information. This can compromise the integrity of backed‑up data and potentially affect recovery operations.

Affected Systems

Affected products are Dell PowerProtect Data Domain. The vulnerability exists in versions 7.7.1.0 through 8.7, in L.6.1.0 through 8.6.1.10, in LTS2025 releases 8.3.1.0 through 8.3.1.30, and in LTS2024 releases 7.13.1.0 through 7.13.1.70.

Risk and Exploitability

The CVSS score of 2.7 indicates low overall severity. Because the exploit requires high privileged remote access to the appliance, the likelihood of exploitation is low, and the vulnerability is not listed in CISA KEV. Attackers would need to compromise an account with administrative rights and submit malicious input to the system. With no public exploits reported, the immediate threat level is moderate, but organizations should still apply the available update.

Generated by OpenCVE AI on July 4, 2026 at 00:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell Security Advisory DSA‑2026‑278 update for PowerProtect Data Domain
  • Segment network access to the PowerProtect Data Domain management interface so only trusted management hosts can reach it
  • Implement role‑based access controls and monitor logs for unauthorized data modifications

Generated by OpenCVE AI on July 4, 2026 at 00:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 04 Jul 2026 01:15:00 +0000

Type Values Removed Values Added
Title Data Domain Vulnerability Allowing Information Tampering via Trusted Source Misuse

Fri, 03 Jul 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerprotect Data Domain
Vendors & Products Dell
Dell powerprotect Data Domain

Fri, 03 Jul 2026 14:00:00 +0000

Type Values Removed Values Added
Description Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.
Weaknesses CWE-348
References
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N'}


Subscriptions

Dell Powerprotect Data Domain
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-07-03T13:10:01.883Z

Reserved: 2026-05-14T17:05:39.859Z

Link: CVE-2026-46466

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-04T01:00:15Z

Weaknesses
  • CWE-348

    Use of Less Trusted Source