Is Dell affected by EUVD-2026-23899?

Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6, including LTS2025 and LTS2024 releases, contain a missing authentication vulnerability allowing remote attackers to execute arbitrary root-level commands on enterprise backup appliances.

Dell EUVD-2026-23899

| CVE-2026-26944 HIGH

Missing Authentication for Critical Function (CWE-306)

2026-04-20 [email protected]

GHSA-hmwv-mfjf-w46v

Authentication Bypass Dell

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 20, 2026 - 19:07 vuln.today

cvss_changed

Patch available

Apr 20, 2026 - 17:16 EUVD

Analysis Generated

Apr 20, 2026 - 16:25 vuln.today

DescriptionNVD

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. Exploitation requires an authenticated user to perform a specific action.

AnalysisAI

Missing authentication in Dell PowerProtect Data Domain 7.7.1.0-8.6 and LTS releases allows remote unauthenticated attackers to execute arbitrary commands with root privileges when combined with user interaction. Affects enterprise backup appliances across multiple release branches including LTS2025 (8.3.1.0-8.3.1.20) and LTS2024 (7.13.1.0-7.13.1.60). …

RemediationAI

Within 24 hours: Identify all PowerProtect Data Domain appliances running versions 7.7.1.0-8.6, LTS2025 (8.3.1.0-8.3.1.20), or LTS2024 (7.13.1.0-7.13.1.60); document network locations and current user access. Within 7 days: Implement network segmentation to restrict unauthenticated access to affected appliances; review and enforce authentication controls on administrative interfaces; monitor access logs for suspicious activity. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-23899 vulnerability details – vuln.today

Back

Dell EUVD-2026-23899

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code