Dell PowerProtect DD OS Info Exposure Vulnerability (7.7.18.5)
CVE-2026-23777 Published on April 17, 2026
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an exposure of sensitive information to an unauthorized actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure.
Vulnerability Analysis
CVE-2026-23777 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2026-23777 has been classified to as an Information Disclosure vulnerability or weakness.
Affected Versions
Dell PowerProtect Data Domain:- Before 8.6.0.0 or later is affected.
- Before 8.3.1.20 or later is affected.
- Before 7.13.1.50 or later is affected.
- Before 2.7.9 with DD OS 8.3.1.30 is affected.