Use of Externally-Controlled Format String Vulnerability in Dell PowerProtect Data Domain
CVE-2026-46465

5.5MEDIUM

Key Information:

Vendor

Dell

Vendor
CVE Published:
3 July 2026

What is CVE-2026-46465?

The vulnerability affects multiple versions of Dell PowerProtect Data Domain, where the software allows for the use of externally-controlled format strings. This could enable a high-privileged attacker to exploit the system remotely, potentially leading to critical risks such as information disclosure and denial of service. Users of affected versions should act promptly to mitigate the associated risks by applying security updates provided by Dell.

Affected Version(s)

PowerProtect Data Domain 0 < 8.8.0.0 or later

PowerProtect Data Domain 0 < 8.6.1.20 or later

PowerProtect Data Domain 0 < 8.3.1.40 or later

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.