Dell PowerProtect Appliances Leak Sensitive Info in Log Files

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.6

Dell PowerProtect Appliances Leak Sensitive Info in Log Files

CVE-2026-23775

Summary

Dell PowerProtect Data Domain appliances with certain software versions may leak sensitive information, such as login credentials, into log files. This could potentially be exploited by an attacker with remote access. If you have retention lock enabled, update your software to a fixed version to prevent this issue.

Original title

Original description

Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to credential exposures. Authentication attempts as the compromised user would need to be authorized by a high privileged DD user. This vulnerability only affects systems with retention lock enabled.

nvd CVSS3.1 7.6

Vulnerability type

CWE-532 Insertion of Sensitive Information into Log File

https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-...

Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026