Stored Cross-Site Scripting Vulnerability in Dell PowerProtect Data Domain
CVE-2026-41122
7.1HIGH
What is CVE-2026-41122?
Dell PowerProtect Data Domain products from versions 7.7.1.0 through 8.7 and specific LTS releases contain a stored cross-site scripting vulnerability. This flaw enables unauthenticated attackers with remote access to potentially exploit the system. The exploit can lead to serious security concerns including data leakage, unauthorized session access, and vulnerabilities to client-side request forgery. It is crucial for users to assess their systems' exposure to this risk and take appropriate measures to mitigate it.
Affected Version(s)
PowerProtect Data Domain 0 < 8.8.0.0 or later
PowerProtect Data Domain 0 < 8.6.1.20 or later
PowerProtect Data Domain 0 < 8.3.1.40 or later