PowerProtect Data Domain EUVD-2026-41547

CVE-2026-46463 MEDIUM
Integer Overflow or Wraparound (CWE-190)
2026-07-03 dell GHSA-xgmx-456f-v7hp
6.5 (CVSS 3.1 · Vendor: dell)

Severity by source

Vendor (dell), PRIMARY: 6.5 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

vuln.today AI: 5.9 MEDIUM
Description confirms only DoS impact; I:L dropped as unsubstantiated; AC:H and PR:N retained per unauthenticated remote vector with noted complexity.
CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 4.0: AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (dell).

CVSS Vector (Vendor: dell)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: High

Lifecycle Timeline

Patch available: Jul 03, 2026 - 15:01 (EUVD)
Analysis Generated: Jul 03, 2026 - 14:22 (vuln.today)

Description (CVE.org)

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

Analysis (AI)

Integer overflow in Dell PowerProtect Data Domain across multiple release trains (main, LTS2024, LTS2025, LTS2026) exposes backup and data protection infrastructure to remote denial of service by an unauthenticated attacker. The CVSS vector (AV:N/AC:H/PR:N) confirms network-accessible, unauthenticated exploitation, though high attack complexity constrains practical exploitation to adversaries who can satisfy specific preconditions. …

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Identify network-accessible Data Domain appliance
Delivery: Craft malformed integer-bearing protocol payload
Exploit: Send payload without authentication
Execution: Trigger integer wraparound in processing logic
Persist: Crash affected service
Impact: Deny backup and recovery operations

Vulnerability Assessment (AI)

Exploitation: The CVSS vector (AV:N/AC:H/PR:N/UI:N) confirms that no authentication is required and no user interaction is needed, but exploitation is constrained by high attack complexity (AC:H). … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS base score of 6.5 reflects a Medium-severity issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An unauthenticated remote attacker identifies a Dell PowerProtect Data Domain appliance reachable over the network and sends a specially crafted request - likely containing a malformed integer field in a data-path or management protocol - that triggers an arithmetic wraparound in the appliance's processing logic. The resulting incorrect value leads to an abnormal code path that crashes the affected service or process, rendering the appliance unavailable for backup and recovery operations. …

Remediation: Patch available per vendor advisory - Dell has published DSA-2026-278 at https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities, which contains specific fixed build numbers for each affected release train (main, LTS2024, LTS2025, LTS2026). … Detailed patch versions, workarounds, and compensating controls in full report.

CVE-2025-29987 HIGH
8.8 Apr 03

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficie

CVE-2026-49814 HIGH
7.2 Jul 03

Arbitrary OS command execution in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025

CVE-2026-49815 HIGH
7.2 Jul 03

OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025, and LTS2

CVE-2026-53478 HIGH
7.2 Jul 03

Authenticated OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus LTS2026 8.6.1.0-

CVE-2026-49813 MEDIUM
6.7 Jul 03

OS command injection in Dell PowerProtect Data Domain across four supported release tracks allows a high-privileged loca

CVE-2026-46465 MEDIUM
5.5 Jul 03

Format string exploitation in Dell PowerProtect Data Domain enables remote high-privileged attackers to disclose memory

CVE-2026-46464 MEDIUM
4.9 Jul 03

Symlink-following vulnerability in Dell PowerProtect Data Domain allows a high-privileged remote attacker to traverse ou

CVE-2026-44268 MEDIUM
4.4 Jul 03

Incorrect permission assignment on a critical resource in Dell PowerProtect Data Domain exposes sensitive data to high-p

CVE-2026-44269 MEDIUM
4.4 Jul 03

Link-following exploitation in Dell PowerProtect Data Domain enables a high-privileged local attacker to read files outs

CVE-2026-46466 LOW
2.7 Jul 03

Dell PowerProtect Data Domain's handling of a less-trusted data source allows a remote, high-privileged attacker to perf

CVE-2026-41124 LOW
2.3 Jul 03

Path traversal in Dell PowerProtect Data Domain allows a locally authenticated high-privileged attacker to read files ou