CVE-2026-24505
published 2026-04-20CVE-2026-24505: Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could…
PriorityP350high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
0.42%
33.4th percentile
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | data_domain_operating_system | >= 7.7.1.0 < 8.6.1.0 | 8.6.1.0 |
| dell | powerprotect_data_domain | < 8.6.1.10, 8.7.0.0 or later | 8.6.1.10, 8.7.0.0 or later |
| dell | powerprotect_data_domain | < 2.7.9 with DD OS 8.3.1.30 | 2.7.9 with DD OS 8.3.1.30 |
| dell | powerprotect_dp_series_appliance | < 2.7.9 | 2.7.9 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5f9j-32h2-hhg6: Dell PowerProtect Data Domain, versions 8
ghsa_unreviewed·2026-04-20
CVE-2026-24505 [HIGH] CWE-20 GHSA-5f9j-32h2-hhg6: Dell PowerProtect Data Domain, versions 8
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
VulDB
Dell PowerProtect Data Domain 8.5/8.6 input validation (dsa-2026-060 / EUVD-2026-23885)
vuldb·2026-04-20·CVSS 7.2
CVE-2026-24505 [HIGH] Dell PowerProtect Data Domain 8.5/8.6 input validation (dsa-2026-060 / EUVD-2026-23885)
A vulnerability was found in Dell PowerProtect Data Domain 8.5/8.6. It has been rated as critical. This impacts an unknown function. Performing a manipulation results in improper input validation.
This vulnerability was named CVE-2026-24505. The attack may be initiated remotely. There is no available exploit.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-20
Published