Skip to main content

PowerProtect Data Domain EUVDEUVD-2026-42244

| CVE-2026-53480 LOW
Path Traversal (CWE-22)
2026-07-08 security_alert@emc.com GHSA-6rx8-5c7f-4wh3
2.7
CVSS 3.1 · Vendor: emc

Severity by source

Vendor (emc) PRIMARY
2.7 LOW
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
vuln.today AI
2.7 LOW

High privilege required for exploitation; only limited file write outside restricted path; no confidentiality or availability impact confirmed by description.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (emc).

CVSS VectorVendor: emc

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Patch available
Jul 08, 2026 - 15:01 EUVD
Analysis Generated
Jul 08, 2026 - 14:58 vuln.today

DescriptionCVE.org

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized file modification.

AnalysisAI

Unauthorized file modification in Dell PowerProtect Data Domain allows a high-privileged remote attacker to write files outside the intended restricted directory via path traversal. Affected across multiple release trains spanning versions 7.7.1.0 through 8.7, including LTS2024, LTS2025, and LTS2026 branches. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain high-privilege Data Domain credentials
Delivery
Authenticate to remote management interface
Exploit
Submit path traversal payload in crafted request
Execution
Bypass directory restriction enforcement
Impact
Modify file outside intended directory boundary

Vulnerability AssessmentAI

Exploitation Exploitation requires high-privilege authentication (PR:H per CVSS vector) - the attacker must possess or obtain administrator-level credentials on the Dell PowerProtect Data Domain system before the traversal can be triggered. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The aggregated risk signals consistently indicate a low-priority issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained high-privilege credentials - whether through credential theft, insider threat, or prior compromise of an admin account - authenticates to the Dell PowerProtect Data Domain management interface over the network and submits a crafted request containing path traversal sequences. The appliance fails to sanitize the pathname, allowing the attacker to write or modify a file outside the intended restricted directory, potentially altering configuration files or stored metadata. …
Remediation The primary remediation is to apply the patched firmware or software version released by Dell as part of advisory DSA-2026-278, available at https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-29987 HIGH
8.8 Apr 03

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficie

CVE-2026-56086 HIGH
8.8 Jul 08

Improper authorization enforcement in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.6, plus LTS branches 8.6

CVE-2024-37140 HIGH
8.8 Jun 26

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection v

CVE-2024-29176 HIGH
8.8 Jun 26

Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. Ra

CVE-2026-53482 HIGH
7.5 Jul 08

Denial of service in Dell PowerProtect Data Domain (DDOS versions 7.7.1.0 through 8.7, plus LTS2026 8.6.1.0-8.6.1.10, LT

CVE-2024-45759 HIGH
7.3 Nov 08

Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of

CVE-2024-48010 HIGH
7.2 Nov 08

Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerab

CVE-2026-41122 HIGH
7.1 Jul 08

Stored cross-site scripting in Dell PowerProtect Data Domain (DD OS 7.7.1.0 through 8.7, plus the LTS2026 8.6.1.x, LTS20

CVE-2024-37138 MEDIUM
6.8 Jun 26

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path t

CVE-2026-54483 MEDIUM
6.7 Jul 03

OS command injection in Dell PowerProtect Data Domain enables a high-privileged local attacker to execute arbitrary oper

CVE-2026-26355 MEDIUM
6.5 Jul 03

OS command injection in Dell PowerProtect Data Domain across four version release trains allows a high-privileged remote

CVE-2025-46645 MEDIUM
6.5 Jan 09

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.

Share

EUVD-2026-42244 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy