OS Command Injection in Dell PowerProtect Data Domain 7.7.1.08.6
CVE-2026-26943 Published on April 20, 2026

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-26943 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a Shell injection Vulnerability?

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVE-2026-26943 has been classified to as a Shell injection vulnerability or weakness.

Affected Versions

Dell PowerProtect Data Domain:

Before 8.6.1.10, 8.7.0.0 or later is affected.
Before 8.3.1.30 or later is affected.
Before 7.13.1.70 or later is affected.
Before 2.7.9 with DD OS 8.3.1.30 is affected.

OS Command Injection in Dell PowerProtect Data Domain 7.7.1.08.6CVE-2026-26943 Published on April 20, 2026

Vulnerability Analysis

Weakness Type

What is a Shell injection Vulnerability?

Affected Versions

OS Command Injection in Dell PowerProtect Data Domain 7.7.1.08.6
CVE-2026-26943 Published on April 20, 2026