Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.7
Dell PowerProtect Data Manager allows high-privilege attackers to bypass security
CVE-2026-22269
Summary
Prior to version 19.22, Dell PowerProtect Data Manager's REST API fails to properly verify the source of incoming requests. This means a highly privileged attacker with remote access could potentially exploit this weakness and bypass the security measures in place. Dell recommends updating to version 19.22 or later to address this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| dell | powerprotect_data_manager | <= 19.22 | – |
Original title
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with re...
Original description
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.
nvd CVSS3.1
4.7
Vulnerability type
CWE-940
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026