CVE-2026-26943
published 2026-04-20CVE-2026-26943: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through…
PriorityP355high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
1.19%
64.1th percentile
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | data_domain_operating_system | >= 7.14.0.0 < 8.3.1.30 | 8.3.1.30 |
| dell | data_domain_operating_system | >= 7.7.1.0 < 7.13.1.70 | 7.13.1.70 |
| dell | data_domain_operating_system | >= 8.4.0.0 < 8.6.1.0 | 8.6.1.0 |
| dell | powerprotect_data_domain | < 8.6.1.10, 8.7.0.0 or later | 8.6.1.10, 8.7.0.0 or later |
| dell | powerprotect_data_domain | < 8.3.1.30 or later | 8.3.1.30 or later |
| dell | powerprotect_data_domain | < 7.13.1.70 or later | 7.13.1.70 or later |
| dell | powerprotect_data_domain | < 2.7.9 with DD OS 8.3.1.30 | 2.7.9 with DD OS 8.3.1.30 |
| dell | powerprotect_dp_series_appliance | < 2.7.9 | 2.7.9 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p8f5-hqp5-3gq7: Dell PowerProtect Data Domain, versions 7
ghsa_unreviewed·2026-04-20
CVE-2026-26943 [HIGH] CWE-78 GHSA-p8f5-hqp5-3gq7: Dell PowerProtect Data Domain, versions 7
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
VulDB
Dell PowerProtect Data Domain up to 7.13.1.60/8.3.1.20/8.6 os command injection (dsa-2026-060 / EUVD-2026-23898)
vuldb·2026-04-20·CVSS 7.2
CVE-2026-26943 [HIGH] Dell PowerProtect Data Domain up to 7.13.1.60/8.3.1.20/8.6 os command injection (dsa-2026-060 / EUVD-2026-23898)
A vulnerability classified as critical has been found in Dell PowerProtect Data Domain up to 7.13.1.60/8.3.1.20/8.6. This issue affects some unknown processing. Performing a manipulation results in os command injection.
This vulnerability is cataloged as CVE-2026-26943. It is possible to initiate the attack remotely. There is no exploit available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-20
Published