Dell PowerProtect DD OS 7.7.1.0-8.5: Command Injection Root Access
CVE-2026-23778 Published on April 17, 2026

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to gain root-level access.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-23778 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a Command Injection Vulnerability?

The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CVE-2026-23778 has been classified to as a Command Injection vulnerability or weakness.

Affected Versions

Dell PowerProtect Data Domain:

Before 8.6.0.0 or later is affected.
Before 8.3.1.20 or later is affected.
Before 7.13.1.50 or later is affected.
Before 2.7.9 with DD OS 8.3.1.30 is affected.

Dell PowerProtect DD OS 7.7.1.0-8.5: Command Injection Root AccessCVE-2026-23778 Published on April 17, 2026

Vulnerability Analysis

Weakness Type

What is a Command Injection Vulnerability?

Affected Versions

Dell PowerProtect DD OS 7.7.1.0-8.5: Command Injection Root Access
CVE-2026-23778 Published on April 17, 2026