Input Validation Flaw in Dell PowerProtect Data Domain (v7.7-8.6) Enables RCE
CVE-2026-24504 Published on April 20, 2026

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-24504 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Versions

Dell PowerProtect Data Domain:

Before 8.6.1.10, 8.7.0.0 or later is affected.
Before 8.3.1.30 or later is affected.
Before 7.13.1.70 or later is affected.
Before 2.7.9 with DD OS 8.3.1.30 is affected.

Input Validation Flaw in Dell PowerProtect Data Domain (v7.7-8.6) Enables RCECVE-2026-24504 Published on April 20, 2026

Vulnerability Analysis

Weakness Type

Improper Input Validation

Affected Versions

Input Validation Flaw in Dell PowerProtect Data Domain (v7.7-8.6) Enables RCE
CVE-2026-24504 Published on April 20, 2026