8.8

Dell PowerProtect Data Manager 19.22 and earlier: Untrusted API Access Risk

CVE-2026-22266
Summary

A high-risk vulnerability in the Dell PowerProtect Data Manager REST API allows a high-privileged attacker with remote access to potentially bypass security protections. This means an attacker could access sensitive data or perform unauthorized actions. Dell PowerProtect Data Manager users should update to version 19.22 or later to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
dell | powerprotect_data_manager | <= 19.22 | –
Original title
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with re...
Original description
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.
NVD CVSS 3.1: 8.8
Vulnerability type
CWE-146
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026