CVE-2026-26944

Summary

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. Exploitation requires an authenticated user to perform a specific action.

Affected Software

VendorProductVersion RangeStatus
DellPowerProtect Data Domain0 < 8.6.1.10, 8.7.0.0 or lateraffected
DellPowerProtect Data Domain0 < 8.3.1.30 or lateraffected
DellPowerProtect Data Domain0 < 7.13.1.70 or lateraffected
DellPowerProtect Data Domain0 < 2.7.9 with DD OS 8.3.1.30affected

Weaknesses

  • CWE-306: CWE-306: Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References