
PowerProtect Data Domain | EUVD-2026-41533 | CVE-2026-44268 MEDIUM
Incorrect Permission Assignment for Critical Resource (CWE-732)
2026-07-03 dell GHSA-xx59-c7wc-mgcj
4.4
CVSS 3.1 · Vendor: dell

Severity by source

Vendor (dell) PRIMARY
4.4 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
4.4 MEDIUM

Local attack vector and high privileges required align with a config-level permission flaw; confidentiality-only impact reflects read-access to a sensitive resource with no write or availability consequence.

3.1 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.0 AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (dell).

CVSS Vector (Vendor: dell)

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Patch available: Jul 03, 2026 - 14:01 (EUVD)
Analysis Generated: Jul 03, 2026 - 12:50 (vuln.today)

Description (CVE.org)

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

Analysis (AI)

Incorrect permission assignment on a critical resource in Dell PowerProtect Data Domain exposes sensitive data to high-privileged local attackers across a broad range of supported release trains. The flaw (CWE-732) means a resource - likely a file, directory, or configuration object - carries overly permissive access controls, allowing a local attacker operating with elevated privileges to read data they are not authorized to access. …


Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Obtain high-privileged local account credentials
Delivery: Authenticate to Data Domain appliance locally
Exploit: Identify misconfigured critical resource permissions
Execution: Read sensitive resource without authorization
Impact: Exfiltrate sensitive data for further attack use

Vulnerability Assessment (AI)

Exploitation: Exploitation requires both local system access and a high-privilege account on the affected Dell PowerProtect Data Domain appliance, as confirmed by the CVSS vector AV:L/PR:H. …

Risk Assessment: The CVSS base score of 4.4 (Medium) reflects the constrained attack prerequisites: local access (AV:L) and high privileges (PR:H) are both required, which dramatically limits the pool of potential attackers to insiders or already-compromised privileged accounts on the appliance itself. …

Exploit Scenario: An insider or an attacker who has already compromised a high-privileged local account on a PowerProtect Data Domain appliance (for example, through credential theft or lateral movement from a backup administrator workstation) leverages the misconfigured resource permissions to directly read a critical system file - such as a credentials store, encryption key file, or replication configuration - that should be inaccessible even at their privilege level. No public exploit code exists at time of analysis, so this scenario presupposes the attacker manually discovers and accesses the misconfigured resource.

Remediation: Consult Dell security advisory DSA-2026-278 at https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities for patched build numbers across each release train; no specific fixed version number was included in the available intelligence data, so organizations should reference the advisory directly to identify the minimum fixed build for their deployed release. …


CVE-2025-29987 HIGH
8.8 Apr 03

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficie

CVE-2026-49814 HIGH
7.2 Jul 03

Arbitrary OS command execution in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025

CVE-2026-49815 HIGH
7.2 Jul 03

OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025, and LTS2

CVE-2026-53478 HIGH
7.2 Jul 03

Authenticated OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus LTS2026 8.6.1.0-

CVE-2026-49813 MEDIUM
6.7 Jul 03

OS command injection in Dell PowerProtect Data Domain across four supported release tracks allows a high-privileged loca

CVE-2026-46463 MEDIUM
6.5 Jul 03

Integer overflow in Dell PowerProtect Data Domain across multiple release trains (main, LTS2024, LTS2025, LTS2026) expos

CVE-2026-46465 MEDIUM
5.5 Jul 03

Format string exploitation in Dell PowerProtect Data Domain enables remote high-privileged attackers to disclose memory

CVE-2026-46464 MEDIUM
4.9 Jul 03

Symlink-following vulnerability in Dell PowerProtect Data Domain allows a high-privileged remote attacker to traverse ou

CVE-2026-44269 MEDIUM
4.4 Jul 03

Link-following exploitation in Dell PowerProtect Data Domain enables a high-privileged local attacker to read files outs

CVE-2026-46466 LOW
2.7 Jul 03

Dell PowerProtect Data Domain's handling of a less-trusted data source allows a remote, high-privileged attacker to perf

CVE-2026-41124 LOW
2.3 Jul 03

Path traversal in Dell PowerProtect Data Domain allows a locally authenticated high-privileged attacker to read files ou
