EUVD-2026-23886
GHSA-c3x5-j788-wjpm
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionNVD
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root.
AnalysisAI
OS command injection in Dell PowerProtect Data Domain versions 7.7.1.0-8.6, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 allows high-privileged remote attackers to execute arbitrary commands as root. Network-accessible exploitation requires existing administrative credentials but minimal attack complexity (CVSS:3.1/AV:N/AC:L/PR:H). …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all Dell PowerProtect Data Domain deployments and identify instances running versions 7.7.1.0-8.6, LTS2025 8.3.1.0-8.3.1.20, or LTS2024 7.13.1.0-7.13.1.60. Within 7 days: Apply vendor patch per DSA-2026-060 to all affected systems, prioritizing production backup appliances. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today