Dell PowerProtect Data Domain: Unprivileged Access via Command Injection

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.2

Dell PowerProtect Data Domain: Unprivileged Access via Command Injection

CVE-2026-23778

Summary

Dell PowerProtect Data Domain's command injection flaw allows a highly privileged attacker to potentially gain complete control over the system if they have remote access. This could happen if an attacker sends malicious commands to the system. Dell recommends updating to the latest version of the Data Domain Operating System to fix this issue.

Original title

Original description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to gain root-level access.

nvd CVSS3.1 7.2

Vulnerability type

CWE-77 Command Injection

https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-...

Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026