CVE-2026-26942
published 2026-04-20
CVE-2026-26942: Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS command injection…
Priority P3 · 55 · high · 7.2 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.88% (54.6th percentile)
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | data_domain_operating_system | >= 7.7.1.0 < 8.6.1.0 | 8.6.1.0 |
| dell | powerprotect_data_domain | < 8.6.1.10, 8.7.0.0 or later | 8.6.1.10, 8.7.0.0 or later |
| dell | powerprotect_data_domain | < 2.7.9 with DD OS 8.3.1.30 | 2.7.9 with DD OS 8.3.1.30 |
| dell | powerprotect_dp_series_appliance | < 2.7.9 | 2.7.9 |
GHSA
GHSA-f22f-m2ph-vfcc: Dell PowerProtect Data Domain, versions 8
ghsa_unreviewed·2026-04-20
CVE-2026-26942 [MEDIUM] CWE-78 GHSA-f22f-m2ph-vfcc: Dell PowerProtect Data Domain, versions 8
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
VulDB
Dell PowerProtect Data Domain 8.5/8.6 os command injection (dsa-2026-060 / EUVD-2026-23895)
vuldb·2026-04-20·CVSS 6.7
CVE-2026-26942 [MEDIUM] Dell PowerProtect Data Domain 8.5/8.6 os command injection (dsa-2026-060 / EUVD-2026-23895)
A vulnerability classified as critical was found in Dell PowerProtect Data Domain 8.5/8.6. Impacted is an unknown function. Executing a manipulation can lead to os command injection.
This vulnerability is registered as CVE-2026-26942. The attack needs to be launched locally. No exploit is available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.