Dell Dell

  1. Vendors
  2. Dell

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Dell product.

RSS Feeds for Dell security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Dell products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Dell Sorted by Most Security Vulnerabilities since 2018

Dell Powerscale Onefs98 vulnerabilities

Dell Wyse Management Suite50 vulnerabilities

Dell Unity Operating Environment45 vulnerabilities

Dell Data Domain Operating System38 vulnerabilities

Dell Smartfabric Os1032 vulnerabilities

Dell Unity29 vulnerabilities

Dell Secure Connect Gateway28 vulnerabilities

Dell Bsafe Micro Edition Suite28 vulnerabilities

Dell Supportassist For Home Pcs26 vulnerabilities

Dell Bsafe Crypto C Micro Edition19 vulnerabilities

Dell Supportassist For Business Pcs19 vulnerabilities

Dell Powerprotect Data Manager18 vulnerabilities

Dell Bsafe Ssl J18 vulnerabilities

Dell Unisphere Powermax Virtual Appliance18 vulnerabilities

Dell Alienware Command Center17 vulnerabilities

Dell Unisphere For Powermax17 vulnerabilities

Dell Cloudlink16 vulnerabilities

Dell Solutions Enabler Virtual Appliance15 vulnerabilities

Dell Objectscale13 vulnerabilities

Dell Supportassist13 vulnerabilities

Dell Recoverpoint Virtual Machines13 vulnerabilities

Dell Command Update12 vulnerabilities

Dell Policy Manager Secure Connect Gateway12 vulnerabilities

Dell Elastic Cloud Storage12 vulnerabilities

Dell Openmanage Enterprise12 vulnerabilities

Dell Networker11 vulnerabilities

Dell Bsafe Crypto J10 vulnerabilities

Dell Unity Xt Operating Environment10 vulnerabilities

Dell Smartfabric Storage Software10 vulnerabilities

Dell Insightiq10 vulnerabilities

Dell Unityvsa Operating Environment10 vulnerabilities

Dell Networking Os109 vulnerabilities

Dell Controlvault38 vulnerabilities

Dell Digital Delivery8 vulnerabilities

Dell Alienware Update7 vulnerabilities

Dell Appsync7 vulnerabilities

Dell Avamar Server7 vulnerabilities

Dell Repository Manager7 vulnerabilities

Dell Storage Manager7 vulnerabilities

Dell Openmanage Server Administrator7 vulnerabilities

Dell Encryption7 vulnerabilities

Dell Enterprise Sonic Distribution7 vulnerabilities

Dell Supportassist Os Recovery6 vulnerabilities

Dell Display Manager6 vulnerabilities

Dell Emc Appsync6 vulnerabilities

Dell Update6 vulnerabilities

Dell Emc Idrac Service Module6 vulnerabilities

Dell Thinos6 vulnerabilities

Dell Endpoint Security Suite Enterprise6 vulnerabilities

Dell Powerstoreos5 vulnerabilities

Dell Command Monitor5 vulnerabilities

Dell Data Lakehouse5 vulnerabilities

Dell Enterprise Sonic Os5 vulnerabilities

Dell Power Manager5 vulnerabilities

Dell Unisphere 3605 vulnerabilities

Dell Common Event Enabler4 vulnerabilities

Dell Powerprotect Cyber Recovery4 vulnerabilities

Dell Idrac94 vulnerabilities

Known Exploited Dell Vulnerabilities

The following Dell vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability Dell RecoverPoint for Virtual Machines (RP4VMs) contains an use of hard-coded credentials vulnerability that could allow an unauthenticated remote attacker to gain unauthorized access to the underlying operating system and root-level persistence.
CVE-2026-22769 Exploit Probability: 22.0% 		February 18, 2026
Dell dbutil Driver Insufficient Access Control Vulnerability Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure.
CVE-2021-21551 Exploit Probability: 74.5% 		March 31, 2022

2 known exploited Dell vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 133 vulnerabilities in Dell with an average score of 6.3 out of ten. Last year, in 2025 Dell had 204 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Dell in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.44




Year Vulnerabilities Average Score
2026 133 6.33
2025 204 6.77
2024 218 7.08
2023 168 6.97
2022 125 7.21
2021 139 6.94
2020 35 7.45
2019 54 7.32
2018 57 7.21

It may take a day or so for new Dell vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Dell Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2022-34363 May 22, 2026
Dell Unisphere PowerMax vApp <10.0.0.2 Auth Bypass Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the  Unisphere for VMAX application running in vApp
Unisphere For Powermax
Unisphere Powermax Virtual Appliance
Unisphere 360
CVE-2022-31231 May 22, 2026
CVE-2022-31231: Improper Access Control in Dell ECS 3.5/3.6 IAM Module Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management (IAM) module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data.
CVE-2021-21508 May 22, 2026
Dell VxRail Manager < 7.0.200: Plain-text Password Storage CVE-2021-21508 Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
CVE-2025-32751 May 22, 2026
Dell PowerFlex Manager <=4.6.2: Insecure Storage of Sensitive Info Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information.
CVE-2025-46371 May 22, 2026
Dell PowerFlex Manager <=4.6.2 SSH Uses Broken Crypto Local Privileged Bypass Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
CVE-2025-26483 May 22, 2026
Dell PowerFlex Manager <=4.6.2: Unauth Open Redirect Vulnerability Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information.
CVE-2025-32745 May 22, 2026
Dell PowerFlex Manager <=4.6.2 Improper Cert Validation (Info Tampering) Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering.
CVE-2025-32746 May 22, 2026
Dell PowerFlex Manager <=4.6.2 Insecure Storage of Info Vulnerability Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information.
CVE-2025-32747 May 22, 2026
Dell PowerFlex Manager <=4.6.2: Incorrect Privilege Assignment (Low Priv Esc) Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVE-2025-32749 May 22, 2026
Dell PowerFlex Mgr <=4.6.2 Dir Listing Info Exposure Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
CVE-2025-32750 May 20, 2026
Dell PowerFlex Manager 4.6.2 Directory Listing Info Disclosure Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
CVE-2026-35070 May 20, 2026
Dell SmartFabric Storage Software <1.4.5 Command Injection Vulnerability Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.
Smartfabric Storage Software
CVE-2026-41119 May 18, 2026
Dell Live Optics Improper Cert Validation in Windows Collectors Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to loss of confidentiality and integrity.
CVE-2026-40638 May 12, 2026
Dell PowerScale InsightIQ 5.0.0-6.2.0 PrivEsc Exec Vulnerability Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
Insightiq
CVE-2026-35071 May 12, 2026
Dell InsightIQ 6.0.0-6.2.0 OS Command Injection (CVE-2026-35071) Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
Insightiq
CVE-2026-26946 May 11, 2026
Dell ECS OS Privilege Escalation v3.8.1.0-3.8.1.7 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
Objectscale
CVE-2026-35157 May 11, 2026
Dell ECS/OS CSV Formula Injection Remote Exec (3.8.1.03.8.1.7, <4.3.0.0) Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution.
Objectscale
CVE-2025-43992 May 11, 2026
Dell ECS 3.8.1.03.8.1.7 / ObjScale <4.3.0.0: Geo Rep Auth Bypass Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data in transit.
Objectscale
CVE-2026-40636 May 11, 2026
Dell ECS 3.8.1.0-3.8.1.7 / Dell ObjectScale <4.3.0 Hardcoded Credentials Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker.
Objectscale
CVE-2026-32658 May 11, 2026
Dell Automation Platform <2.0.0.0: Missing Auth (CVE-2026-32658) Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVE-2026-32803 May 08, 2026
Dell PowerScale OneFS 9.12.0.1: Insufficient Logging CVE202632803 Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
Powerscale Onefs
CVE-2026-27105 Apr 29, 2026
Dell Alienware Purchased Apps <1.1.31 Improper Link Follow Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write
CVE-2026-35155 Apr 29, 2026
Dell iDRAC10 Insufficiently Protected Credentials (Race) before 1.30.05.10 Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated lowprivileged attacker to gain elevated access.
CVE-2026-23773 Apr 29, 2026
Dell Disk Library SSRF in DLm 8700/2700 Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.
CVE-2026-32655 Apr 27, 2026
Dell AWCC 6.13.7 LPE via local lowpriv attacker Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Alienware Command Center
CVE-2026-25908 Apr 27, 2026
Dell AWCC <=6.13.8.0 Exec Unnecessary Privileges Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Alienware Command Center
CVE-2026-26354 Apr 22, 2026
Dell PowerProtect Data Domain DD OS 7.7.1.0-8.6 Stack Buffer Overflow Exec Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
CVE-2026-35154 Apr 20, 2026
Dell PowerProtect DD: IDRAC Privilege Escalation (7.7.1.08.7.0.0) Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges to access unauthorized delete operation.
CVE-2026-26951 Apr 20, 2026
PowerProtect Data Domain Stack Overflow (v7.7.1.08.6) LPE Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-22761 Apr 20, 2026
Command Injection in Dell PowerProtect Data Domain 8.5-8.6 (Remote). Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-26942 Apr 20, 2026
Dell PowerProtect Data Domain OS Command Injection 8.5-8.6 Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-26943 Apr 20, 2026
OS Command Injection in Dell PowerProtect Data Domain 7.7.1.08.6 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-24506 Apr 20, 2026
Dell PowerProtect Data Domain OS Command Injection 7.7.1-8.6 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root.
CVE-2026-24505 Apr 20, 2026
Dell PowerProtect Data Domain 8.5-8.6 Improper Input Validation RCE Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-24504 Apr 20, 2026
Input Validation Flaw in Dell PowerProtect Data Domain (v7.7-8.6) Enables RCE Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-23774 Apr 20, 2026
Dell PowerProtect Data Domain OS cmd-injection remote exec 7.7.1.08.5 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
CVE-2026-26944 Apr 20, 2026
Dell PowerProtect Data Domain 7.7.1.0-8.6 missing auth critical func: root exec Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. Exploitation requires an authenticated user to perform a specific action.
CVE-2026-23777 Apr 17, 2026
Dell PowerProtect DD OS Info Exposure Vulnerability (7.7.18.5) Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an exposure of sensitive information to an unauthorized actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure.
CVE-2026-28263 Apr 17, 2026
XSS in Dell PowerProtect Data Domain OS v7.7-8.5, 8.3.1-20, 7.13.1-50 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a cross-site Scripting vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
CVE-2025-46606 Apr 17, 2026
Excess Auth Attempts in Dell PowerProtect DD OS 8.48.5 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper restriction of excessive authentication attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
CVE-2025-46605 Apr 17, 2026
Dell PowerProtect DDOS 8.4-8.5 Session Fixation Vulnerability Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
CVE-2025-46641 Apr 17, 2026
Dell PowerProtect Data Domain DD OS 8.4-8.5 Improper Auth Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
CVE-2025-46607 Apr 17, 2026
Dell PowerProtect Data Domain DD OS 8.4-8.5 Improper Auth Vulnerability Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
CVE-2026-35073 Apr 17, 2026
Dell PowerProtect OS Command Injection v7.7.1.0-8.7.0.0 (LTS2025 8.3.1.0-20, LTS2024 7.13.1.0-60) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command injection vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-35074 Apr 17, 2026
Dell PowerProtect Data Domain OS Command Injection (7.7.1.0-8.7.0.0) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS Command Injection vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-35072 Apr 17, 2026
OS Command Injection in Dell PowerProtect Data Domain 7.7.1.08.7.0.0 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command ('OS command injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-35153 Apr 17, 2026
Dell PowerProtect Data Domain: Arg Injection (cmd exec) pre-8.7.0.0, 8.3.1.020, 7.13.1.060 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of argument delimiters in a command ('argument injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-23779 Apr 17, 2026
Dell PowerProtect DD OS 7.7-8.5/8.3.1.0-8.3.1.20 cmd injection root Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain root-level access.
CVE-2026-23776 Apr 17, 2026
Dell PowerProtect DD OS CVE-2026-23776 Improper Cert Validation v7.7.1.08.5 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain(s) an Improper Certificate Validation vulnerability in certificate-based login. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVE-2026-23778 Apr 17, 2026
Dell PowerProtect DD OS 7.7.1.0-8.5: Command Injection Root Access Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to gain root-level access.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.