Description
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.
Published: 2026-07-03
Score: 4.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper link resolution before file access that allows a high‑privileged local attacker to access files they normally would not be able to reach, leading to potential information exposure. This flaw corresponds to CWE‑59 and is reported with a moderate CVSS score of 4.4, indicating a moderate severity impact under the conditions described. The advisory does not list an EPSS score and the vulnerability is not in the CISA KEV catalog, suggesting limited publicly known exploitation at this time.

Affected Systems

Dell PowerProtect Data Domain appliances running versions 7.7.1.0 through 8.7, as well as the LTS2026 releases 8.6.1.0 through 8.6.1.10, LTS2025 releases 8.3.1.0 through 8.3.1.30, and LTS2024 releases 7.13.1.0 through 7.13.1.70 are affected.

Risk and Exploitability

The CVSS score of 4.4 signals a moderate risk; the lack of an EPSS score means the exploitation probability is uncertain, though the attack requires local high‑privilege access. Because it is not listed in KEV, there is no evidence of current exploitation. The threat exists primarily to systems that are locally accessible to privileged users, so restricting such access or applying the patch mitigates the risk.

Generated by OpenCVE AI on July 3, 2026 at 20:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell‑provided security update DSA‑2026‑278 to upgrade all affected PowerProtect Data Domain appliances to a patched version.
  • Restrict local administrative privileges on the appliance to essential personnel only, enforcing least‑privilege principles.
  • Ensure the appliance is isolated from unnecessary network and remote management access until the patch is applied.

Generated by OpenCVE AI on July 3, 2026 at 20:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Jul 2026 21:00:00 +0000

Type Values Removed Values Added
Title Local Privileged File Access via Improper Link Resolution on Dell PowerProtect Data Domain

Fri, 03 Jul 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerprotect Data Domain
Vendors & Products Dell
Dell powerprotect Data Domain

Fri, 03 Jul 2026 13:15:00 +0000

Type Values Removed Values Added
Description Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.
Weaknesses CWE-59
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Dell Powerprotect Data Domain
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-07-03T12:58:46.278Z

Reserved: 2026-05-14T17:05:39.859Z

Link: CVE-2026-46468

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-03T20:45:16Z

Weaknesses
  • CWE-59

    Improper Link Resolution Before File Access ('Link Following')