Dell PowerProtect Data Domain DD OS 8.0-8.5 Log Sensitive Info Injection: CVE-2026-23775 April 2026

Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to credential exposures. Authentication attempts as the compromised user would need to be authorized by a high privileged DD user. This vulnerability only affects systems with retention lock enabled.

Vulnerability Analysis

CVE-2026-23775 can be exploited with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

Dell PowerProtect Data Domain DD OS 8.0-8.5 Log Sensitive Info Injection
CVE-2026-23775 Published on April 17, 2026

Vulnerability Analysis

Weakness Type

Insertion of Sensitive Information into Log File

Affected Versions

Dell PowerProtect Data Domain DD OS 8.0-8.5 Log Sensitive Info InjectionCVE-2026-23775 Published on April 17, 2026

Vulnerability Analysis

Weakness Type

Insertion of Sensitive Information into Log File

Affected Versions

Dell PowerProtect Data Domain DD OS 8.0-8.5 Log Sensitive Info Injection
CVE-2026-23775 Published on April 17, 2026