Dell PowerProtect DD OS 7.7-8.5/8.3.1.0-8.3.1.20 cmd injection root
CVE-2026-23779 Published on April 17, 2026

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain root-level access.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-23779 can be exploited with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a Command Injection Vulnerability?

The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CVE-2026-23779 has been classified to as a Command Injection vulnerability or weakness.

Affected Versions

Dell PowerProtect Data Domain:

Before 8.6.0.0 or later is affected.
Before 8.3.1.20 or later is affected.
Before 7.13.1.50 or later is affected.
Before 2.7.9 with DD OS 8.3.1.30 is affected.

Dell PowerProtect DD OS 7.7-8.5/8.3.1.0-8.3.1.20 cmd injection rootCVE-2026-23779 Published on April 17, 2026

Vulnerability Analysis

Weakness Type

What is a Command Injection Vulnerability?

Affected Versions

Dell PowerProtect DD OS 7.7-8.5/8.3.1.0-8.3.1.20 cmd injection root
CVE-2026-23779 Published on April 17, 2026