Skip to main content

PowerProtect Data Domain CVE-2026-53483

| EUVDEUVD-2026-42036 CRITICAL
Improper Authentication (CWE-287)
2026-07-07 dell GHSA-crf6-f3jp-fmm4
9.8
CVSS 3.1 · Vendor: dell
Share

Severity by source

Vendor (dell) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.8 CRITICAL

Vendor describes unauthenticated remote authentication bypass yielding complete system control, so AV:N/PR:N/UI:N with full C/I/A high; scope unchanged as impact is confined to the appliance.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (dell).

CVSS VectorVendor: dell

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Patch available
Jul 07, 2026 - 14:01 EUVD
Analysis Generated
Jul 07, 2026 - 13:30 vuln.today

DescriptionCVE.org

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity.

AnalysisAI

Improper authentication in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025, and LTS2024 branches) lets an unauthenticated, remote attacker bypass authentication and gain unauthorized access that Dell says can escalate to complete system control. Dell rates it critical (CVSS 9.8, CWE-287). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach Data Domain network interface
Delivery
Send crafted request bypassing authentication
Exploit
Obtain unauthorized/admin access
Execution
Take control of appliance
Impact
Tamper with or destroy backup data

Vulnerability AssessmentAI

Exploitation No special conditions - remote unauthenticated exploitation against affected Dell PowerProtect Data Domain appliances, per the CVSS vector AV:N/AC:L/PR:N/UI:N (no privileges, no user interaction). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base 9.8) signals worst-case exploitability: network-reachable, low complexity, no privileges, no user interaction, with high confidentiality, integrity, and availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network access to a Data Domain appliance's exposed interface exploits the authentication bypass to reach the system without valid credentials, then leverages that access to gain administrative control over the appliance and the backup data it holds. Because backups are a prime ransomware target, an attacker could tamper with, exfiltrate, or destroy backup copies to undermine recovery. …
Remediation Upgrade Dell PowerProtect Data Domain / DD OS to a fixed release per Dell advisory DSA-2026-278 (https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities); the input does not enumerate the exact fixed build numbers, so consult the advisory for the precise target version matching your release train (mainline, LTS2026, LTS2025, or LTS2024) and apply it at the earliest opportunity as Dell recommends. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all Dell PowerProtect Data Domain instances; determine exact versions; immediately restrict network access to trusted administrative subnets only via firewall rules and network segmentation. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-53481 CRITICAL
9.8 Jul 07

Path traversal leading to full system compromise affects Dell PowerProtect Data Domain (DD OS) versions 7.7.1.0 through

CVE-2025-29987 HIGH
8.8 Apr 03

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficie

CVE-2023-44285 HIGH
7.8 Dec 14

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access con

CVE-2023-44277 HIGH
7.8 Dec 14

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injectio

CVE-2026-53479 HIGH
7.2 Jul 07

OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025, and LTS2

CVE-2026-49814 HIGH
7.2 Jul 03

Arbitrary OS command execution in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025

CVE-2026-53478 HIGH
7.2 Jul 03

Authenticated OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus LTS2026 8.6.1.0-

CVE-2026-49815 HIGH
7.2 Jul 03

OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025, and LTS2

CVE-2023-48667 HIGH
7.2 Dec 14

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injectio

CVE-2026-49813 MEDIUM
6.7 Jul 03

OS command injection in Dell PowerProtect Data Domain across four supported release tracks allows a high-privileged loca

CVE-2023-44279 MEDIUM
6.7 Dec 14

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injecti

CVE-2023-44278 MEDIUM
6.7 Dec 14

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vuln

Share

CVE-2026-53483 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy