Skip to main content

Data Domain Operating System

38 CVEs product

Monthly

CVE-2026-56086 HIGH PATCH This Week

Improper authorization enforcement in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.6, plus LTS branches 8.6.1.0-8.6.1.10, 8.3.1.0-8.3.1.30, and 7.13.1.0-7.13.1.70) allows a low-privileged, remote authenticated attacker to reach resources or actions beyond their assigned role, resulting in unauthorized access. Rated CVSS 8.8 (High) with high confidentiality, integrity, and availability impact and low attack complexity. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the low barrier to exploitation for any existing account makes this a meaningful escalation risk on these backup appliances.

Authentication Bypass Dell Data Domain Operating System
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-53482 HIGH PATCH This Week

Denial of service in Dell PowerProtect Data Domain (DDOS versions 7.7.1.0 through 8.7, plus LTS2026 8.6.1.0-8.6.1.10, LTS2025 8.3.1.0-8.3.1.30, and LTS2024 7.13.1.0-7.13.1.70) allows a remote, unauthenticated attacker to crash or hang the appliance by triggering an integer overflow (CWE-190). Per the CVSS vector (PR:N/UI:N), no authentication or user interaction is required, and the impact is confined to availability (C:N/I:N/A:H) - no data disclosure or code execution. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV; EPSS was not provided.

Integer Overflow Dell Denial Of Service Data Domain Operating System
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-53480 LOW PATCH Monitor

Unauthorized file modification in Dell PowerProtect Data Domain allows a high-privileged remote attacker to write files outside the intended restricted directory via path traversal. Affected across multiple release trains spanning versions 7.7.1.0 through 8.7, including LTS2024, LTS2025, and LTS2026 branches. Dell has published advisory DSA-2026-278 addressing this flaw; no public exploit code or active exploitation has been identified at time of analysis.

Dell Path Traversal Data Domain Operating System
NVD
CVSS 3.1
2.7
EPSS
0.3%
CVE-2026-41122 HIGH PATCH This Week

Stored cross-site scripting in Dell PowerProtect Data Domain (DD OS 7.7.1.0 through 8.7, plus the LTS2026 8.6.1.x, LTS2025 8.3.1.x, and LTS2024 7.13.1.x branches) lets a remote attacker persist malicious script in the appliance management interface that executes in other users' browser sessions. Because the flaw is reachable without authentication and the injected payload runs in the victim's authenticated context, an attacker can achieve information disclosure, session/token theft, and client-side request forgery against operators of the backup appliance. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Dell has published advisory DSA-2026-278.

XSS Dell Information Disclosure Data Domain Operating System
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-56085 LOW PATCH Monitor

Information exposure in Dell PowerProtect Data Domain across multiple release tracks allows a low-privileged local attacker to read sensitive residual data via an uninitialized memory resource (CWE-908). The flaw spans the mainline 7.7.1.0-8.7 branch and three LTS tracks (LTS2024, LTS2025, LTS2026), confirmed by Dell via advisory DSA-2026-278. No public exploit code exists and no active exploitation has been identified; the CVSS 3.3 score and local-only attack vector place this firmly in the low-severity tier.

Dell Information Disclosure Data Domain Operating System
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2026-54483 MEDIUM PATCH This Month

OS command injection in Dell PowerProtect Data Domain enables a high-privileged local attacker to execute arbitrary operating system commands on the backup appliance, achieving full command execution within the Data Domain OS (DDOS). The flaw spans the general release track (7.7.1.0-8.6) and three LTS streams (LTS2024, LTS2025, LTS2026), indicating a shared vulnerable code path across a wide version surface. No public exploit code or CISA KEV listing exists at time of analysis, and the PR:H/AV:L prerequisites meaningfully constrain real-world risk to insider threats or post-compromise scenarios.

Command Injection Dell Data Domain Operating System
NVD VulDB
CVSS 3.1
6.7
EPSS
0.5%
CVE-2026-46730 MEDIUM PATCH This Month

Incorrect authorization in Dell PowerProtect Data Domain permits a high-privileged local attacker to execute commands outside their authorized scope across a broad span of affected versions covering the main release line and all three active LTS branches. The root cause (CWE-863) indicates the appliance's Data Domain OS fails to enforce authorization boundaries correctly for certain operations accessible to already-elevated users, enabling privilege escalation within an authenticated administrative session. No public exploit code or active exploitation is confirmed at time of analysis; the CVSS 4.2 Medium score accurately reflects the significant access prerequisites - local presence plus high-level credentials - required to trigger the flaw.

Authentication Bypass Dell Data Domain Operating System
NVD VulDB
CVSS 3.1
4.2
EPSS
0.1%
CVE-2026-46468 MEDIUM PATCH This Month

Dell PowerProtect Data Domain exposes sensitive file content to high-privileged local attackers through a symlink-following flaw (CWE-59), where the application fails to validate link targets before file access. Affected versions span multiple release trains including the current 8.x mainline and LTS branches. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Dell Information Disclosure Data Domain Operating System
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2026-46467 MEDIUM PATCH This Month

Sensitive information disclosure in Dell PowerProtect Data Domain exposes credentials or configuration data to local low-privileged attackers via insufficiently protected log files. Affected are multiple release trains spanning versions 7.7.1.0 through 8.7, with specific LTS branches also impacted. No public exploit code or active exploitation has been identified at time of analysis, but the high confidentiality impact (C:H) warrants prompt patching on any appliance accessible to untrusted local users or shared administrative accounts.

Dell Information Disclosure Data Domain Operating System
NVD VulDB
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-41123 MEDIUM PATCH This Month

Improper access control in the RBAC implementation of Dell PowerProtect Data Domain allows a low-privileged authenticated remote attacker to tamper with information beyond their authorized role scope. Affected releases span the main 7.7.1.0-8.6 line and three LTS tracks covering LTS2024, LTS2025, and LTS2026. No public exploit code has been identified and exploitation has not been confirmed by CISA KEV, placing this as a medium-priority issue requiring patch scheduling rather than emergency response.

Authentication Bypass Dell Data Domain Operating System
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-26355 MEDIUM PATCH This Month

OS command injection in Dell PowerProtect Data Domain across four version release trains allows a high-privileged remote attacker to execute arbitrary operating system commands on the appliance. Affected products span mainline versions 7.7.1.0 through 8.7 and three LTS branches, confirmed by Dell Security Advisory DSA-2026-278. No public exploit identified at time of analysis and the CVE is absent from CISA KEV; however, the high integrity and availability impact (I:H/A:H) on a backup appliance makes patching urgent for environments where backup infrastructure is shared or admin credentials are broadly distributed.

Command Injection Dell Data Domain Operating System
NVD VulDB
CVSS 3.1
6.5
EPSS
1.1%
CVE-2025-46645 MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. [CVSS 6.5 MEDIUM]

Command Injection Data Domain Operating System
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-46676 LOW Monitor

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. [CVSS 2.7 LOW]

Information Disclosure Data Domain Operating System
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-46644 MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. [CVSS 6.0 MEDIUM]

Command Injection Data Domain Operating System
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-46643 LOW Monitor

Data Domain Operating System versions up to 8.4.0.0 is affected by heap-based buffer overflow (CVSS 2.3).

Buffer Overflow Heap Overflow Denial Of Service Data Domain Operating System
NVD
CVSS 3.1
2.3
EPSS
0.0%
CVE-2025-36594 CRITICAL This Week

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Data Domain Operating System
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-30099 HIGH This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-30098 MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-30097 MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-30096 MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-29987 HIGH This Week

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Powerprotect Data Domain Data Domain Operating System Powerprotect Dm5500 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-22475 LOW Monitor

Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Data Domain Operating System
NVD
CVSS 3.1
3.7
EPSS
0.2%
CVE-2024-53295 HIGH This Month

Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Data Domain Operating System
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-53296 LOW Monitor

Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Stack Overflow Buffer Overflow Denial Of Service Data Domain Operating System
NVD
CVSS 3.1
2.7
EPSS
0.2%
CVE-2024-51534 HIGH This Month

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Path Traversal Data Domain Operating System
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-48011 MEDIUM This Month

Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Data Domain Operating System
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-48010 HIGH This Week

Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Dell Data Domain Operating System
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-45759 HIGH This Week

Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Denial Of Service Data Domain Operating System
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-37141 LOW Monitor

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Open Redirect Dell Data Domain Operating System
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2024-37140 HIGH This Week

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Data Domain Operating System
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-37139 MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Data Domain Operating System
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-37138 MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dell Data Domain Operating System
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-29177 LOW Monitor

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Data Domain Operating System
NVD
CVSS 3.1
2.7
EPSS
0.3%
CVE-2024-29176 HIGH This Week

Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Dell Memory Corruption Data Domain Operating System
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-29175 MEDIUM This Month

Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Dell Data Domain Operating System
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-29174 MEDIUM This Month

Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass SQLi Dell Data Domain Operating System
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-29173 MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Dell Data Domain Operating System
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-28973 MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Dell Data Domain Operating System
NVD
CVSS 3.1
4.8
EPSS
0.2%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Improper authorization enforcement in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.6, plus LTS branches 8.6.1.0-8.6.1.10, 8.3.1.0-8.3.1.30, and 7.13.1.0-7.13.1.70) allows a low-privileged, remote authenticated attacker to reach resources or actions beyond their assigned role, resulting in unauthorized access. Rated CVSS 8.8 (High) with high confidentiality, integrity, and availability impact and low attack complexity. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the low barrier to exploitation for any existing account makes this a meaningful escalation risk on these backup appliances.

Authentication Bypass Dell Data Domain Operating System
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Dell PowerProtect Data Domain (DDOS versions 7.7.1.0 through 8.7, plus LTS2026 8.6.1.0-8.6.1.10, LTS2025 8.3.1.0-8.3.1.30, and LTS2024 7.13.1.0-7.13.1.70) allows a remote, unauthenticated attacker to crash or hang the appliance by triggering an integer overflow (CWE-190). Per the CVSS vector (PR:N/UI:N), no authentication or user interaction is required, and the impact is confined to availability (C:N/I:N/A:H) - no data disclosure or code execution. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV; EPSS was not provided.

Integer Overflow Dell Denial Of Service +1
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Unauthorized file modification in Dell PowerProtect Data Domain allows a high-privileged remote attacker to write files outside the intended restricted directory via path traversal. Affected across multiple release trains spanning versions 7.7.1.0 through 8.7, including LTS2024, LTS2025, and LTS2026 branches. Dell has published advisory DSA-2026-278 addressing this flaw; no public exploit code or active exploitation has been identified at time of analysis.

Dell Path Traversal Data Domain Operating System
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Stored cross-site scripting in Dell PowerProtect Data Domain (DD OS 7.7.1.0 through 8.7, plus the LTS2026 8.6.1.x, LTS2025 8.3.1.x, and LTS2024 7.13.1.x branches) lets a remote attacker persist malicious script in the appliance management interface that executes in other users' browser sessions. Because the flaw is reachable without authentication and the injected payload runs in the victim's authenticated context, an attacker can achieve information disclosure, session/token theft, and client-side request forgery against operators of the backup appliance. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Dell has published advisory DSA-2026-278.

XSS Dell Information Disclosure +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Information exposure in Dell PowerProtect Data Domain across multiple release tracks allows a low-privileged local attacker to read sensitive residual data via an uninitialized memory resource (CWE-908). The flaw spans the mainline 7.7.1.0-8.7 branch and three LTS tracks (LTS2024, LTS2025, LTS2026), confirmed by Dell via advisory DSA-2026-278. No public exploit code exists and no active exploitation has been identified; the CVSS 3.3 score and local-only attack vector place this firmly in the low-severity tier.

Dell Information Disclosure Data Domain Operating System
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

OS command injection in Dell PowerProtect Data Domain enables a high-privileged local attacker to execute arbitrary operating system commands on the backup appliance, achieving full command execution within the Data Domain OS (DDOS). The flaw spans the general release track (7.7.1.0-8.6) and three LTS streams (LTS2024, LTS2025, LTS2026), indicating a shared vulnerable code path across a wide version surface. No public exploit code or CISA KEV listing exists at time of analysis, and the PR:H/AV:L prerequisites meaningfully constrain real-world risk to insider threats or post-compromise scenarios.

Command Injection Dell Data Domain Operating System
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Incorrect authorization in Dell PowerProtect Data Domain permits a high-privileged local attacker to execute commands outside their authorized scope across a broad span of affected versions covering the main release line and all three active LTS branches. The root cause (CWE-863) indicates the appliance's Data Domain OS fails to enforce authorization boundaries correctly for certain operations accessible to already-elevated users, enabling privilege escalation within an authenticated administrative session. No public exploit code or active exploitation is confirmed at time of analysis; the CVSS 4.2 Medium score accurately reflects the significant access prerequisites - local presence plus high-level credentials - required to trigger the flaw.

Authentication Bypass Dell Data Domain Operating System
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Dell PowerProtect Data Domain exposes sensitive file content to high-privileged local attackers through a symlink-following flaw (CWE-59), where the application fails to validate link targets before file access. Affected versions span multiple release trains including the current 8.x mainline and LTS branches. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Dell Information Disclosure Data Domain Operating System
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Sensitive information disclosure in Dell PowerProtect Data Domain exposes credentials or configuration data to local low-privileged attackers via insufficiently protected log files. Affected are multiple release trains spanning versions 7.7.1.0 through 8.7, with specific LTS branches also impacted. No public exploit code or active exploitation has been identified at time of analysis, but the high confidentiality impact (C:H) warrants prompt patching on any appliance accessible to untrusted local users or shared administrative accounts.

Dell Information Disclosure Data Domain Operating System
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Improper access control in the RBAC implementation of Dell PowerProtect Data Domain allows a low-privileged authenticated remote attacker to tamper with information beyond their authorized role scope. Affected releases span the main 7.7.1.0-8.6 line and three LTS tracks covering LTS2024, LTS2025, and LTS2026. No public exploit code has been identified and exploitation has not been confirmed by CISA KEV, placing this as a medium-priority issue requiring patch scheduling rather than emergency response.

Authentication Bypass Dell Data Domain Operating System
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

OS command injection in Dell PowerProtect Data Domain across four version release trains allows a high-privileged remote attacker to execute arbitrary operating system commands on the appliance. Affected products span mainline versions 7.7.1.0 through 8.7 and three LTS branches, confirmed by Dell Security Advisory DSA-2026-278. No public exploit identified at time of analysis and the CVE is absent from CISA KEV; however, the high integrity and availability impact (I:H/A:H) on a backup appliance makes patching urgent for environments where backup infrastructure is shared or admin credentials are broadly distributed.

Command Injection Dell Data Domain Operating System
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. [CVSS 6.5 MEDIUM]

Command Injection Data Domain Operating System
NVD
EPSS 0% CVSS 2.7
LOW Monitor

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. [CVSS 2.7 LOW]

Information Disclosure Data Domain Operating System
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. [CVSS 6.0 MEDIUM]

Command Injection Data Domain Operating System
NVD
EPSS 0% CVSS 2.3
LOW Monitor

Data Domain Operating System versions up to 8.4.0.0 is affected by heap-based buffer overflow (CVSS 2.3).

Buffer Overflow Heap Overflow Denial Of Service +1
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Data Domain Operating System
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Powerprotect Data Domain +2
NVD
EPSS 0% CVSS 3.7
LOW Monitor

Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Data Domain Operating System
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Data Domain Operating System
NVD
EPSS 0% CVSS 2.7
LOW Monitor

Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Stack Overflow Buffer Overflow +2
NVD
EPSS 0% CVSS 7.1
HIGH This Month

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Path Traversal +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Data Domain Operating System
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Dell +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Denial Of Service +1
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Open Redirect Dell +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Data Domain Operating System
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Data Domain Operating System
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dell Data Domain Operating System
NVD
EPSS 0% CVSS 2.7
LOW Monitor

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Data Domain Operating System
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Dell +2
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Dell Data Domain Operating System
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass SQLi Dell +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Dell Data Domain Operating System
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Dell +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy