CVE-2026-35154

Summary

Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges to access unauthorized delete operation.

Affected Software

VendorProductVersion RangeStatus
DellPowerProtect Data Domain appliances0 < 8.7.0.1 or lateraffected
DellPowerProtect Data Domain appliances0 < 8.3.1.30 or lateraffected
DellPowerProtect Data Domain appliances0 < 7.13.1.70 or lateraffected

Weaknesses

  • CWE-269: CWE-269: Improper Privilege Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References