cbcvebase.
CVE-2026-35153
published 2026-04-17

CVE-2026-35153: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through…

PriorityP336medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
EPSS
0.21%
11.9th percentile
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of argument delimiters in a command ('argument injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

Affected

9 ranges
VendorProductVersion rangeFixed in
delldata_domain_operating_system
delldata_domain_operating_system>= 7.14.0.0 < 8.3.1.308.3.1.30
delldata_domain_operating_system>= 7.7.1.0 < 7.13.1.707.13.1.70
delldata_domain_operating_system>= 8.4.0.0 < 8.6.1.108.6.1.10
dellpowerprotect_data_domain< 8.6.1.10, 8.7.0.1 or later8.6.1.10, 8.7.0.1 or later
dellpowerprotect_data_domain< 8.3.1.30 or later8.3.1.30 or later
dellpowerprotect_data_domain< 7.13.1.70 or later7.13.1.70 or later
dellpowerprotect_data_domain< 2.7.9 with DD OS 8.3.1.302.7.9 with DD OS 8.3.1.30
dellpowerprotect_dp_series_appliance< 2.7.92.7.9
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.