Dell PowerProtect Data Domain OS cmd-injection remote exec 7.7.1.08.5
CVE-2026-23774 Published on April 20, 2026

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-23774 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a Shell injection Vulnerability?

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVE-2026-23774 has been classified to as a Shell injection vulnerability or weakness.

Affected Versions

Dell PowerProtect Data Domain:

Before 8.6.0.0 or later is affected.
Before 8.3.1.20 or later is affected.
Before 7.13.1.50 or later is affected.
Before 2.7.9 with DD OS 8.3.1.30 is affected.

Dell PowerProtect Data Domain OS cmd-injection remote exec 7.7.1.08.5CVE-2026-23774 Published on April 20, 2026

Vulnerability Analysis

Weakness Type

What is a Shell injection Vulnerability?

Affected Versions

Dell PowerProtect Data Domain OS cmd-injection remote exec 7.7.1.08.5
CVE-2026-23774 Published on April 20, 2026