Skip to main content

Powerprotect Data Domain CVE-2026-49814

| EUVDEUVD-2026-41551 HIGH
OS Command Injection (CWE-78)
2026-07-03 dell GHSA-j98v-6jpg-29m4
7.2
CVSS 3.1 · Vendor: dell
Share

Severity by source

Vendor (dell) PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (dell) · only source for this CVE.

CVSS VectorVendor: dell

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Patch available
Jul 03, 2026 - 16:01 EUVD
Analysis Generated
Jul 03, 2026 - 15:17 vuln.today

DescriptionCVE.org

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

AnalysisAI

Arbitrary OS command execution in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025 and LTS2024 branches) lets a high-privileged, remotely-authenticated attacker run operating-system commands on the backup appliance by injecting special characters into an OS command context. The flaw was reported by Dell and is addressed in advisory DSA-2026-278; no public exploit identified at time of analysis and it is not listed in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

24 hours: Enumerate all PowerProtect Data Domain appliances running versions 7.7.1.0-8.7 or LTS2026/2025/2024; restrict network access to management consoles to essential personnel only; review and strengthen access controls on privileged administrative accounts. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-29987 HIGH
8.8 Apr 03

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficie

CVE-2026-49815 HIGH
7.2 Jul 03

OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025, and LTS2

CVE-2026-53478 HIGH
7.2 Jul 03

Authenticated OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus LTS2026 8.6.1.0-

CVE-2026-49813 MEDIUM
6.7 Jul 03

OS command injection in Dell PowerProtect Data Domain across four supported release tracks allows a high-privileged loca

CVE-2026-46463 MEDIUM
6.5 Jul 03

Integer overflow in Dell PowerProtect Data Domain across multiple release trains (main, LTS2024, LTS2025, LTS2026) expos

CVE-2026-46465 MEDIUM
5.5 Jul 03

Format string exploitation in Dell PowerProtect Data Domain enables remote high-privileged attackers to disclose memory

CVE-2026-46464 MEDIUM
4.9 Jul 03

Symlink-following vulnerability in Dell PowerProtect Data Domain allows a high-privileged remote attacker to traverse ou

CVE-2026-44268 MEDIUM
4.4 Jul 03

Incorrect permission assignment on a critical resource in Dell PowerProtect Data Domain exposes sensitive data to high-p

CVE-2026-44269 MEDIUM
4.4 Jul 03

Link-following exploitation in Dell PowerProtect Data Domain enables a high-privileged local attacker to read files outs

CVE-2026-46466 LOW
2.7 Jul 03

Dell PowerProtect Data Domain's handling of a less-trusted data source allows a remote, high-privileged attacker to perf

CVE-2026-41124 LOW
2.3 Jul 03

Path traversal in Dell PowerProtect Data Domain allows a locally authenticated high-privileged attacker to read files ou

Share

CVE-2026-49814 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy