Dell PowerProtect Data Domain OS Weak Credentials Pre-8.5 Vulnerable
CVE-2026-23853 Published on April 17, 2026

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to the system.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-23853 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

CWE-1391

Affected Versions

Dell PowerProtect Data Domain:

Before 8.6.0.0 or later is affected.
Before 8.3.1.20 or later is affected.
Before 7.13.1.50 or later is affected.
Before 2.7.9 with DD OS 8.3.1.30 is affected.

Dell PowerProtect Data Domain OS Weak Credentials Pre-8.5 VulnerableCVE-2026-23853 Published on April 17, 2026

Vulnerability Analysis

Weakness Type

Affected Versions

Dell PowerProtect Data Domain OS Weak Credentials Pre-8.5 Vulnerable
CVE-2026-23853 Published on April 17, 2026