Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
High privileges required for remote exploitation; only limited integrity impact with no confidentiality or availability effect, consistent with vendor-provided vector.
Primary rating from Vendor (dell).
CVSS Vector (Vendor: dell)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Description (CVE.org)
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a use of less trusted source vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.
Analysis (AI)
Dell PowerProtect Data Domain's handling of a less-trusted data source allows a remote, high-privileged attacker to perform limited information tampering, classified under CWE-348. Affected are multiple release trains spanning versions 7.7.1.0 through 8.7, including LTS2024, LTS2025, and LTS2026 long-term support branches. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires the attacker to already possess high-privileged (administrative) credentials on the Dell PowerProtect Data Domain appliance and have remote network access to its management interface. … |
| Risk Assessment | The CVSS base score of 2.7 (Low) accurately reflects the constrained threat model: AV:N indicates network reachability, but PR:H demands the attacker already hold high-privileged access to the appliance, which dramatically reduces the exploitable population. … |
| Exploit Scenario | An attacker who has already obtained high-privileged administrative credentials to a Dell PowerProtect Data Domain appliance - through credential theft, reuse, or insider access - connects remotely to the management interface and submits data via a less-trusted input channel that the system incorrectly prioritizes, allowing modification of information that should be authoritative or system-controlled. No public proof-of-concept exploit code has been identified at the time of this analysis. |
| Remediation | The primary remediation is to apply the patched release identified in Dell Security Advisory DSA-2026-278, available at https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities. … |
More in PowerProtect Data Domain
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficie
Arbitrary OS command execution in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025
OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025, and LTS2
Authenticated OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus LTS2026 8.6.1.0-
OS command injection in Dell PowerProtect Data Domain across four supported release tracks allows a high-privileged loca
Integer overflow in Dell PowerProtect Data Domain across multiple release trains (main, LTS2024, LTS2025, LTS2026) expos
Format string exploitation in Dell PowerProtect Data Domain enables remote high-privileged attackers to disclose memory
Symlink-following vulnerability in Dell PowerProtect Data Domain allows a high-privileged remote attacker to traverse ou
Incorrect permission assignment on a critical resource in Dell PowerProtect Data Domain exposes sensitive data to high-p
Link-following exploitation in Dell PowerProtect Data Domain enables a high-privileged local attacker to read files outs
Path traversal in Dell PowerProtect Data Domain allows a locally authenticated high-privileged attacker to read files ou
EUVD-2026-41544
GHSA-ch8c-p797-5ccg