CVE-2026-22761
published 2026-04-20CVE-2026-22761: Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could…
PriorityP352high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
1.16%
63.1th percentile
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | data_domain_operating_system | >= 7.7.1.0 < 8.6.1.0 | 8.6.1.0 |
| dell | powerprotect_data_domain | < 8.6.1.10, 8.7.0.0 or later | 8.6.1.10, 8.7.0.0 or later |
| dell | powerprotect_data_domain | < 2.7.9 with DD OS 8.3.1.30 | 2.7.9 with DD OS 8.3.1.30 |
| dell | powerprotect_dp_series_appliance | < 2.7.9 | 2.7.9 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Dell PowerProtect Data Domain 8.5/8.6 os command injection (dsa-2026-060 / EUVD-2026-23906)
vuldb·2026-04-20·CVSS 6.7
CVE-2026-22761 [MEDIUM] Dell PowerProtect Data Domain 8.5/8.6 os command injection (dsa-2026-060 / EUVD-2026-23906)
A vulnerability, which was classified as critical, has been found in Dell PowerProtect Data Domain 8.5/8.6. The affected element is an unknown function. The manipulation leads to os command injection.
This vulnerability is documented as CVE-2026-22761. The attack needs to be performed locally. There is not any exploit available.
GHSA
GHSA-p8w2-3jvp-85x5: Dell PowerProtect Data Domain, versions 8
ghsa_unreviewed·2026-04-20
CVE-2026-22761 [MEDIUM] CWE-78 GHSA-p8w2-3jvp-85x5: Dell PowerProtect Data Domain, versions 8
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-20
Published