Dell Powerprotect Data Domain vulnerabilities
32 known vulnerabilities affecting dell/powerprotect_data_domain.
Total CVEs
32
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH18MEDIUM13
Vulnerabilities
Page 1 of 2
CVE-2026-26354P2CRITICALCVSS 9.8fixed in 8.6.1.10, 8.7.0.0 or laterfixed in 8.3.1.20 or later+2 more2026-04-22
CVE-2026-26354 [CRITICAL] CWE-121 CVE-2026-26354: Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1
Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this
nvd
CVE-2026-26944P2HIGHCVSS 8.8fixed in 8.6.1.10, 8.7.0.0 or laterfixed in 8.3.1.30 or later+2 more2026-04-20
CVE-2026-26944 [HIGH] CWE-306 CVE-2026-26944: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary comman
nvd
CVE-2025-29987P2HIGHCVSS 8.8fixed in 7.10.1.602025-04-03
CVE-2025-29987 [HIGH] CWE-1220 CVE-2025-29987: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 c
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.
nvd
CVE-2026-23776P3HIGHCVSS 8.8fixed in 8.3.1.30 or laterfixed in 7.13.1.70 or later+2 more2026-04-17
CVE-2026-23776 [HIGH] CWE-295 CVE-2026-23776: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain(s) an Improper Certificate Validation vulnerability in certificate-based login. A low privileged attacker with remote acce
nvd
CVE-2026-26943P3HIGHCVSS 7.2fixed in 8.6.1.10, 8.7.0.0 or laterfixed in 8.3.1.30 or later+2 more2026-04-20
CVE-2026-26943 [HIGH] CWE-78 CVE-2026-26943: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root pri
nvd
CVE-2026-26942P3HIGHCVSS 7.2fixed in 8.6.1.10, 8.7.0.0 or laterfixed in 2.7.9 with DD OS 8.3.1.302026-04-20
CVE-2026-26942 [HIGH] CWE-78 CVE-2026-26942: Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Spe
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
nvd
CVE-2026-23774P3HIGHCVSS 7.2fixed in 8.6.0.0 or laterfixed in 8.3.1.20 or later+2 more2026-04-20
CVE-2026-23774 [HIGH] CWE-78 CVE-2026-23774: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnera
nvd
CVE-2026-24506P3HIGHCVSS 7.2fixed in 8.6.1.10, 8.7.0.0 or laterfixed in 8.3.1.30 or later+2 more2026-04-20
CVE-2026-24506 [HIGH] CWE-78 CVE-2026-24506: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root.
nvd
CVE-2026-22761P3HIGHCVSS 7.2fixed in 8.6.1.10, 8.7.0.0 or laterfixed in 2.7.9 with DD OS 8.3.1.302026-04-20
CVE-2026-22761 [HIGH] CWE-78 CVE-2026-22761: Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
nvd
CVE-2023-48667P3HIGHCVSS 7.2fixed in 6.2.1.110≥ 7.0, < 7.12.0.02023-12-14
CVE-2023-48667 [HIGH] CWE-78 CVE-2023-48667: Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction.
nvd
CVE-2026-23778P3HIGHCVSS 7.2fixed in 8.6.0.0 or laterfixed in 8.3.1.20 or later+2 more2026-04-17
CVE-2026-23778 [HIGH] CWE-77 CVE-2026-23778: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerabili
nvd
CVE-2026-24504P3HIGHCVSS 7.2fixed in 8.6.1.10, 8.7.0.0 or laterfixed in 8.3.1.30 or later+2 more2026-04-20
CVE-2026-24504 [HIGH] CWE-20 CVE-2026-24504: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with roo
nvd
CVE-2026-24505P3HIGHCVSS 7.2fixed in 8.6.1.10, 8.7.0.0 or laterfixed in 2.7.9 with DD OS 8.3.1.302026-04-20
CVE-2026-24505 [HIGH] CWE-20 CVE-2026-24505: Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnera
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
nvd
CVE-2025-46606P3HIGHCVSS 7.2fixed in 8.6.0.0 or later2026-04-17
CVE-2025-46606 [HIGH] CWE-307 CVE-2025-46606: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper restriction of excessive authentication attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
nvd
CVE-2026-23853P3HIGHCVSS 8.4fixed in 8.6.0.0 or laterfixed in 8.3.1.20 or later+2 more2026-04-17
CVE-2026-23853 [HIGH] CWE-1391 CVE-2026-23853: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vul
nvd
CVE-2025-46607P3HIGHCVSS 7.2fixed in 8.6.0.0 or later2026-04-17
CVE-2025-46607 [HIGH] CWE-287 CVE-2025-46607: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
nvd
CVE-2025-46605P3HIGHCVSS 7.2fixed in 8.6.0.0 or later2026-04-17
CVE-2025-46605 [HIGH] CWE-384 CVE-2025-46605: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
nvd
CVE-2023-44277P3HIGHCVSS 7.8fixed in 6.2.1.110≥ 7.0, < 7.12.0.02023-12-14
CVE-2023-44277 [HIGH] CWE-78 CVE-2023-44277: Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable appli
nvd
CVE-2026-35072P3MEDIUMCVSS 6.7fixed in 8.6.1.10, 8.7.0.1 or laterfixed in 8.3.1.30 or later+2 more2026-04-17
CVE-2026-35072 [MEDIUM] CWE-78 CVE-2026-35072: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 th
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command ('OS command injection') vulnerability. A high privileged attacker with local access could potentially expl
nvd
CVE-2023-44285P3HIGHCVSS 7.8fixed in 6.2.1.110≥ 7.0, < 7.12.0.02023-12-14
CVE-2023-44285 [HIGH] CWE-1220 CVE-2023-44285: Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.
nvd
1 / 2Next →