Dell PowerProtect Data Domain: Unprivileged User Access to Root

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.7

Dell PowerProtect Data Domain: Unprivileged User Access to Root

CVE-2026-23779

Summary

A security flaw in Dell PowerProtect Data Domain software allows an attacker with local access to gain complete control over the system. This could happen if an attacker has permission to run certain commands. To fix this issue, Dell recommends updating to a patched version of the software.

Original title

Original description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain root-level access.

nvd CVSS3.1 6.7

Vulnerability type

CWE-77 Command Injection

https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-...

Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026