CVE-2026-24504
published 2026-04-20
CVE-2026-24504: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through…
Priority P3 · 50 · high · 7.2 · CVSS 3.1
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS 0.44% (35.3th percentile)
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | data_domain_operating_system | >= 7.14.0.0 < 8.3.1.30 | 8.3.1.30 |
| dell | data_domain_operating_system | >= 7.7.1.0 < 7.13.1.70 | 7.13.1.70 |
| dell | data_domain_operating_system | >= 8.4.0.0 < 8.6.1.0 | 8.6.1.0 |
| dell | powerprotect_data_domain | < 8.6.1.10, 8.7.0.0 or later | 8.6.1.10, 8.7.0.0 or later |
| dell | powerprotect_data_domain | < 8.3.1.30 or later | 8.3.1.30 or later |
| dell | powerprotect_data_domain | < 7.13.1.70 or later | 7.13.1.70 or later |
| dell | powerprotect_data_domain | < 2.7.9 with DD OS 8.3.1.30 | 2.7.9 with DD OS 8.3.1.30 |
| dell | powerprotect_dp_series_appliance | < 2.7.9 | 2.7.9 |
VulDB
Dell PowerProtect Data Domain up to 7.13.1.60/8.3.1.20/8.6 input validation (dsa-2026-060 / EUVD-2026-23884)
vuldb·2026-04-20·CVSS 7.2
CVE-2026-24504 [HIGH] Dell PowerProtect Data Domain up to 7.13.1.60/8.3.1.20/8.6 input validation (dsa-2026-060 / EUVD-2026-23884)
A vulnerability was found in Dell PowerProtect Data Domain up to 7.13.1.60/8.3.1.20/8.6. It has been declared as critical. This affects an unknown function. Such manipulation leads to improper input validation.
This vulnerability is uniquely identified as CVE-2026-24504. The attack can be launched remotely. No exploit exists.
GHSA
GHSA-wr75-mj46-c335: Dell PowerProtect Data Domain, versions 7
ghsa_unreviewed·2026-04-20
CVE-2026-24504 [HIGH] CWE-20 GHSA-wr75-mj46-c335: Dell PowerProtect Data Domain, versions 7
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-04-20