Dell PowerProtect DD OS CVE-2026-23776 Improper Cert Validation v7.7.1.0–8.5
CVE-2026-23776 Published on April 17, 2026
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release versions 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.60 contains an Improper Certificate Validation vulnerability in certificate-based login. A low-privileged attacker with remote access could potentially exploit this vulnerability, leading to elevation of privileges.
Vulnerability Analysis
CVE-2026-23776 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.
Affected Versions
Dell PowerProtect Data Domain:
- Versions before 8.3.1.30 are affected.
- Versions before 7.13.1.70 are affected.
- Versions before 8.6.0.0 are affected.
- Versions before 2.7.9 with DD OS 8.3.1.30 are affected.