Is Command Injection affected by EUVD-2026-23396?

CVE-2026-23778 is a command injection vulnerability in Dell PowerProtect Data Domain that permits high-privileged administrators to escalate to root access, affecting versions 7.7.1.0 through 8.5 and multiple LTS releases.

EUVD-2026-23396

| CVE-2026-23778 HIGH

2026-04-17 dell

GHSA-xpp5-4hhp-6qhr

Dell Command Injection

7.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

patch_available

Apr 17, 2026 - 10:01 EUVD

Analysis Updated

Apr 17, 2026 - 09:27 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 17, 2026 - 09:22 vuln.today

cvss_changed

Analysis Generated

Apr 17, 2026 - 09:15 vuln.today

DescriptionNVD

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to gain root-level access.

AnalysisAI

Command injection in Dell PowerProtect Data Domain allows high-privileged remote attackers to escalate to root-level access across multiple DD OS versions (7.7.1.0-8.5, LTS releases 7.13.1.0-7.13.1.50, 8.3.1.0-8.3.1.20). Exploitation requires existing high-privilege administrator credentials but is otherwise straightforward (AC:L). …

RemediationAI

24 hours: Inventory all Dell PowerProtect Data Domain deployments and identify instances running affected versions (7.7.1.0-8.5, 7.13.1.0-7.13.1.50, 8.3.1.0-8.3.1.20); document each instance location and current admin access controls. 7 days: Implement administrative access restrictions-limit active administrator accounts to essential personnel only, enforce multi-factor authentication where supported, and enable detailed audit logging of all administrative actions per Dell advisory DSA-2026-060 baseline requirements. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-23396 vulnerability details – vuln.today

Back

EUVD-2026-23396

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code