CVE-2026-23777
published 2026-04-17CVE-2026-23777: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0…
PriorityP339medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
0.30%
21.5th percentile
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an exposure of sensitive information to an unauthorized actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | data_domain_operating_system | 7.7.1.0 – 8.5.0.0 | — |
| dell | powerprotect_data_domain | < 8.6.0.0 or later | 8.6.0.0 or later |
| dell | powerprotect_data_domain | < 8.3.1.20 or later | 8.3.1.20 or later |
| dell | powerprotect_data_domain | < 7.13.1.50 or later | 7.13.1.50 or later |
| dell | powerprotect_data_domain | < 2.7.9 with DD OS 8.3.1.30 | 2.7.9 with DD OS 8.3.1.30 |
| dell | powerprotect_data_domain | 7.13.1.0 – 7.13.1.50 | — |
| dell | powerprotect_data_domain | 8.3.1.0 – 8.3.1.20 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x63q-987j-jrv7: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7
ghsa_unreviewed·2026-04-17
CVE-2026-23777 [MEDIUM] CWE-200 GHSA-x63q-987j-jrv7: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an exposure of sensitive information to an unauthorized actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure.
VulDB
Dell PowerProtect Data Domain up to 8.5 information disclosure (dsa-2026-060)
vuldb·2026-04-17·CVSS 4.3
CVE-2026-23777 [MEDIUM] Dell PowerProtect Data Domain up to 8.5 information disclosure (dsa-2026-060)
A vulnerability was found in Dell PowerProtect Data Domain up to 8.5. It has been classified as problematic. This affects an unknown function. This manipulation causes information disclosure.
The identification of this vulnerability is CVE-2026-23777. It is possible to initiate the attack remotely. There is no exploit available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-17
Published