Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Description confirms only DoS impact; I:L dropped as unsubstantiated; AC:H and PR:N retained per unauthenticated remote vector with noted complexity.
Primary rating from Vendor (dell).
CVSS Vector (Vendor: dell)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Description (CVE.org)
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
Analysis (AI)
Integer overflow in Dell PowerProtect Data Domain across multiple release trains (main, LTS2024, LTS2025, LTS2026) exposes backup and data protection infrastructure to remote denial of service by an unauthenticated attacker. The CVSS vector (AV:N/AC:H/PR:N) confirms network-accessible, unauthenticated exploitation, though high attack complexity constrains practical exploitation to adversaries who can satisfy specific preconditions. …
Vulnerability Assessment (AI)
| Exploitation | The CVSS vector (AV:N/AC:H/PR:N/UI:N) confirms that no authentication is required and no user interaction is needed, but exploitation is constrained by high attack complexity (AC:H). … |
| Risk Assessment | The CVSS base score of 6.5 reflects a Medium-severity issue. … |
| Exploit Scenario | An unauthenticated remote attacker identifies a Dell PowerProtect Data Domain appliance reachable over the network and sends a specially crafted request - likely containing a malformed integer field in a data-path or management protocol - that triggers an arithmetic wraparound in the appliance's processing logic. The resulting incorrect value leads to an abnormal code path that crashes the affected service or process, rendering the appliance unavailable for backup and recovery operations. … |
| Remediation | Patch available per vendor advisory - Dell has published DSA-2026-278 at https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities, which contains specific fixed build numbers for each affected release train (main, LTS2024, LTS2025, LTS2026). … |
Weakness: CWE-190 – Integer Overflow or Wraparound
EUVD-2026-41547
GHSA-xgmx-456f-v7hp