Description
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect authorization vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized command execution.
Published: 2026-07-03
Score: 4.2 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell PowerProtect Data Domain is affected by an incorrect authorization vulnerability (CWE-863). The flaw allows a high‑privileged local attacker to potentially execute arbitrary commands on the appliance. This could let the attacker modify system configuration, access sensitive data, or disrupt services. The description does not state complete system compromise, just the possibility of unauthorized command execution.

Affected Systems

Affected releases include Dell PowerProtect Data Domain 7.7.1.0 through 8.7, LTS2026 release 8.6.1.0 through 8.6.1.10, LTS2025 release 8.3.1.0 through 8.3.1.30, and LTS2024 release 7.13.1.0 through 7.13.1.70. All appliances running these firmware versions are susceptible to the vulnerability.

Risk and Exploitability

The CVSS score of 4.2 places the vulnerability in the medium‑severity range, and the EPSS score is not available. The flaw is not listed in CISA’s KEV catalog. Exploitation requires local access with high‑privilege rights; no remote attack vector is documented. The risk is therefore limited to users who have elevated local privileges on the appliance. Vulnerable devices should be considered at risk for unauthorized command execution if local high‑privileged accounts exist.

Generated by OpenCVE AI on July 3, 2026 at 20:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dell PowerProtect Data Domain security patch DSA‑2026‑278 to remove the incorrect authorization flaw.
  • Upgrade the firmware to a version beyond the affected ranges, ensuring the running version is later than 8.7 or a newer LTS release outside the affected ranges.
  • Enforce least‑privilege by restricting local high‑privileged accounts and disabling unnecessary administrative access on the Data Domain appliance.



Advisories

No advisories yet.

History

Fri, 03 Jul 2026 21:00:00 +0000

Type | Values Removed | Values Added
Title | | Local Unauthorized Command Execution via Incorrect Authorization in Dell PowerProtect Data Domain

Fri, 03 Jul 2026 15:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Dell; Dell powerprotect Data Domain
Vendors & Products | | Dell; Dell powerprotect Data Domain

Fri, 03 Jul 2026 13:15:00 +0000

Type | Values Removed | Values Added
Description | | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect authorization vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized command execution.
Weaknesses | | CWE-863
References | |
Metrics | | cvssV3_1: {'score': 4.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-07-03T12:54:00.862Z

Reserved: 2026-05-17T17:04:27.065Z

Link: CVE-2026-46730

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-03T20:45:16Z

Weaknesses