High severity7.2NVD Advisory· Published Apr 17, 2026· Updated Apr 20, 2026

CVE-2026-23778

Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to gain root-level access.

Affected products

Dell/Powerprotect Dp Series Appliance
cpe:2.3:a:dell:powerprotect_dp_series_appliance:*:*:*:*:*:*:*:*
Range: <2.7.9
Dell/Data Domain Operating System
cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*
Range: >=7.7.1.0,<7.13.1.50

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilitiesnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.468
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000