Dell Data Domain with DD OS: Unsecured Certificate Login Exposes Privileges

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.2

Dell Data Domain with DD OS: Unsecured Certificate Login Exposes Privileges

CVE-2026-23776

Summary

Dell Data Domain systems with certain versions of the Data Domain Operating System (DD OS) have a security weakness that could allow an unauthorized person to gain higher levels of access. This could happen if an attacker gains remote access to the system. Dell recommends upgrading to a patched version of DD OS to prevent this risk.

Original title

Original description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain(s) an Improper Certificate Validation vulnerability in certificate-based login. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

nvd CVSS3.1 7.2

Vulnerability type

CWE-295 Improper Certificate Validation

https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-...

Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026