CVE-2026-26943

Summary

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

Affected Software

VendorProductVersion RangeStatus
DellPowerProtect Data Domain0 < 8.6.1.10, 8.7.0.0 or lateraffected
DellPowerProtect Data Domain0 < 8.3.1.30 or lateraffected
DellPowerProtect Data Domain0 < 7.13.1.70 or lateraffected
DellPowerProtect Data Domain0 < 2.7.9 with DD OS 8.3.1.30affected

Weaknesses

  • CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References