Command Injection Vulnerability in Dell PowerProtect Data Domain
CVE-2026-23778

7.2HIGH

Key Information:

Vendor: Dell
Status: Powerprotect Data Domain
Vendor: CVE Published:; 17 April 2026

What is CVE-2026-23778?

The command injection vulnerability in Dell PowerProtect Data Domain affects multiple versions of the Data Domain Operating System. A high privileged attacker with remote access could exploit this vulnerability to execute arbitrary commands, potentially leading to unauthorized root-level access. This weakness presents a significant security risk, allowing malicious actors to compromise the integrity and confidentiality of the affected systems.

Affected Version(s)

PowerProtect Data Domain 0 < 8.6.0.0 or later

PowerProtect Data Domain 0 < 8.3.1.20 or later

PowerProtect Data Domain 0 < 7.13.1.50 or later

References

https://www.dell.com/support/kbdoc/en-us/000450699/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Jan 16, 2026

CVE-2026-23778 Data

JSON