Is Dell affected by CVE-2026-23774?

Dell PowerProtect Data Domain versions 7.7.1.0 through 8.5 contain a critical command injection vulnerability (CVE-2026-23774) that allows authenticated administrative users to execute arbitrary commands, potentially compromising backup infrastructure and sensitive data protection systems.

Dell CVE-2026-23774

EUVD-2026-23879 HIGH

OS Command Injection (CWE-78)

2026-04-20 [email protected]

GHSA-gxrh-c9qf-pf88

Command Injection Dell

7.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 20, 2026 - 19:07 vuln.today

cvss_changed

Patch available

Apr 20, 2026 - 17:16 EUVD

Analysis Generated

Apr 20, 2026 - 16:24 vuln.today

DescriptionNVD

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

AnalysisAI

OS command injection in Dell PowerProtect Data Domain allows remote high-privileged attackers to execute arbitrary commands on DD OS versions 7.7.1.0-8.5, LTS2025 8.3.1.0-8.3.1.10, and LTS2024 7.13.1.0-7.13.1.40. Dell published DSA-2026-060 addressing this CWE-78 flaw with CVSS 7.2 (high impact on confidentiality, integrity, availability). …

RemediationAI

Within 24 hours: Inventory all Dell PowerProtect Data Domain deployments and document current OS versions (check DSA-2026-060 affected ranges: 7.7.1.0-8.5, LTS2025 8.3.1.0-8.3.1.10, LTS2024 7.13.1.0-7.13.1.40); restrict administrative access to Data Domain systems to essential personnel only and require multi-factor authentication for privileged accounts. Within 7 days: Isolate affected Data Domain instances from non-essential network access and implement network segmentation if systems are internet-facing; monitor administrative account activity for unauthorized command execution. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-23774 vulnerability details – vuln.today

Back

Dell CVE-2026-23774

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code