Dell PowerProtect Data Domain 7.7.1.0-8.6 missing auth critical func: root exec
CVE-2026-26944 Published on April 20, 2026

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. Exploitation requires an authenticated user to perform a specific action.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-26944 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Missing Authentication for Critical Function

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Affected Versions

Dell PowerProtect Data Domain:

Before 8.6.1.10, 8.7.0.0 or later is affected.
Before 8.3.1.30 or later is affected.
Before 7.13.1.70 or later is affected.
Before 2.7.9 with DD OS 8.3.1.30 is affected.

Dell PowerProtect Data Domain 7.7.1.0-8.6 missing auth critical func: root execCVE-2026-26944 Published on April 20, 2026

Vulnerability Analysis

Weakness Type

Missing Authentication for Critical Function

Affected Versions

Dell PowerProtect Data Domain 7.7.1.0-8.6 missing auth critical func: root exec
CVE-2026-26944 Published on April 20, 2026