EUVD-2026-23395
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain(s) an Improper Certificate Validation vulnerability in certificate-based login. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
AnalysisAI
Improper certificate validation in Dell PowerProtect Data Domain certificate-based login allows high-privileged remote attackers to escalate privileges to full system control (confidentiality, integrity, availability impact). Affects DD OS versions 7.7.1.0-8.5, LTS2025 (8.3.1.0-8.3.1.20), and LTS2024 (7.13.1.0-7.13.1.60). …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all Dell PowerProtect Data Domain appliances in your environment and document current OS versions using Dell's advisory DSA-2026-060. Within 7 days: Test the vendor-released patch in a non-production environment and plan maintenance windows. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today