CVE-2026-22266

Summary

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.

Affected Software

VendorProductVersion RangeStatus
DellPowerProtect Data ManagerN/A < 19.22.0-24 or lateraffected

Weaknesses

  • CWE-146: CWE-146: Improper Neutralization of Expression/Command Delimiters

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References