CVE-2026-26354
published 2026-04-22CVE-2026-26354: Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through…
PriorityP268critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.50%
39.2th percentile
Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | data_domain_operating_system | >= 7.14.0.0 < 8.3.1.20 | 8.3.1.20 |
| dell | data_domain_operating_system | >= 7.7.1.0 < 7.13.1.60 | 7.13.1.60 |
| dell | data_domain_operating_system | >= 8.4.0.0 < 8.6.1.10 | 8.6.1.10 |
| dell | powerprotect_data_domain | < 8.6.1.10, 8.7.0.0 or later | 8.6.1.10, 8.7.0.0 or later |
| dell | powerprotect_data_domain | < 8.3.1.20 or later | 8.3.1.20 or later |
| dell | powerprotect_data_domain | < 7.13.1.60 or later | 7.13.1.60 or later |
| dell | powerprotect_data_domain | < 2.7.9 with DD OS 8.3.1.30 | 2.7.9 with DD OS 8.3.1.30 |
| dell | powerprotect_dp_series_appliance | < 2.7.9 | 2.7.9 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Dell PowerProtect Data Domain up to 7.13.1.60/8.3.1.10/8.6 stack-based overflow (dsa-2026-060)
vuldb·2026-04-22·CVSS 8.1
CVE-2026-26354 [HIGH] Dell PowerProtect Data Domain up to 7.13.1.60/8.3.1.10/8.6 stack-based overflow (dsa-2026-060)
A vulnerability described as critical has been identified in Dell PowerProtect Data Domain up to 7.13.1.60/8.3.1.10/8.6. This affects an unknown part. Such manipulation leads to stack-based buffer overflow.
This vulnerability is uniquely identified as CVE-2026-26354. The attack can be launched remotely. No exploit exists.
GHSA
GHSA-h5cf-xw55-j4wj: Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7
ghsa_unreviewed·2026-04-22
CVE-2026-26354 [HIGH] CWE-121 GHSA-h5cf-xw55-j4wj: Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7
Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-22
Published