cbcvebase.

Dell Powerprotect Dp Series Appliance vulnerabilities

22 known vulnerabilities affecting dell/powerprotect_dp_series_appliance.

Total CVEs
22
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH12MEDIUM9

Vulnerabilities

Page 1 of 2
CVE-2026-26354P2CRITICALCVSS 9.8fixed in 2.7.92026-04-22
CVE-2026-26354 [CRITICAL] CWE-121 CVE-2026-26354: Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1 Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this
nvd
CVE-2026-26944P2HIGHCVSS 8.8fixed in 2.7.92026-04-20
CVE-2026-26944 [HIGH] CWE-306 CVE-2026-26944: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary comman
nvd
CVE-2025-29987P2HIGHCVSS 8.8≥ N/A, < 2.7.82025-04-03
CVE-2025-29987 [HIGH] CWE-1220 CVE-2025-29987: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 c Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.
nvd
CVE-2026-23776P3HIGHCVSS 8.8fixed in 2.7.92026-04-17
CVE-2026-23776 [HIGH] CWE-295 CVE-2026-23776: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain(s) an Improper Certificate Validation vulnerability in certificate-based login. A low privileged attacker with remote acce
nvd
CVE-2026-26943P3HIGHCVSS 7.2fixed in 2.7.92026-04-20
CVE-2026-26943 [HIGH] CWE-78 CVE-2026-26943: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root pri
nvd
CVE-2026-26942P3HIGHCVSS 7.2fixed in 2.7.92026-04-20
CVE-2026-26942 [HIGH] CWE-78 CVE-2026-26942: Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Spe Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
nvd
CVE-2026-23774P3HIGHCVSS 7.2fixed in 2.7.92026-04-20
CVE-2026-23774 [HIGH] CWE-78 CVE-2026-23774: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnera
nvd
CVE-2026-24506P3HIGHCVSS 7.2fixed in 2.7.92026-04-20
CVE-2026-24506 [HIGH] CWE-78 CVE-2026-24506: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root.
nvd
CVE-2026-22761P3HIGHCVSS 7.2fixed in 2.7.92026-04-20
CVE-2026-22761 [HIGH] CWE-78 CVE-2026-22761: Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
nvd
CVE-2026-23778P3HIGHCVSS 7.2fixed in 2.7.92026-04-17
CVE-2026-23778 [HIGH] CWE-77 CVE-2026-23778: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerabili
nvd
CVE-2026-24504P3HIGHCVSS 7.2fixed in 2.7.92026-04-20
CVE-2026-24504 [HIGH] CWE-20 CVE-2026-24504: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with roo
nvd
CVE-2026-24505P3HIGHCVSS 7.2fixed in 2.7.92026-04-20
CVE-2026-24505 [HIGH] CWE-20 CVE-2026-24505: Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnera Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
nvd
CVE-2026-23853P3HIGHCVSS 8.4fixed in 2.7.92026-04-17
CVE-2026-23853 [HIGH] CWE-1391 CVE-2026-23853: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vul
nvd
CVE-2026-35072P3MEDIUMCVSS 6.7fixed in 2.7.92026-04-17
CVE-2026-35072 [MEDIUM] CWE-78 CVE-2026-35072: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 th Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command ('OS command injection') vulnerability. A high privileged attacker with local access could potentially expl
nvd
CVE-2026-22762P3MEDIUMCVSS 6.5≥ N/A, < 2.7.9 with AV CHF 3389122026-02-17
CVE-2026-22762 [MEDIUM] CWE-22 CVE-2026-22762: Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain a Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary file delete.
nvd
CVE-2026-35074P3MEDIUMCVSS 6.7fixed in 2.7.92026-04-17
CVE-2026-35074 [MEDIUM] CWE-78 CVE-2026-35074: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 th Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS Command Injection vulnerability. A high privileged attacker with local access could potentially exploit this vulner
nvd
CVE-2026-26951P3MEDIUMCVSS 6.7fixed in 2.7.92026-04-20
CVE-2026-26951 [MEDIUM] CWE-121 CVE-2026-26951: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with
nvd
CVE-2025-36598P3MEDIUMCVSS 6.5≥ N/A, < 2.7.9 with AV CHF 3389052026-02-17
CVE-2025-36598 [MEDIUM] CWE-22 CVE-2025-36598: Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathnam Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to upload malicious files.
nvd
CVE-2026-23779P3MEDIUMCVSS 6.7fixed in 2.7.92026-04-17
CVE-2026-23779 [MEDIUM] CWE-77 CVE-2026-23779: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with local access could potentially exploit this vulnerabil
nvd
CVE-2026-35153P3MEDIUMCVSS 6.7fixed in 2.7.92026-04-17
CVE-2026-35153 [MEDIUM] CWE-88 CVE-2026-35153: Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 th Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of argument delimiters in a command ('argument injection') vulnerability. A high privileged attacker with local access could potentially exploit this
nvd
Dell Powerprotect Dp Series Appliance vulnerabilities | cvebase