Dell PowerProtect DD: IDRAC Privilege Escalation (7.7.1.08.7.0.0)
CVE-2026-35154 Published on April 20, 2026

Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege management vulnerability in IDRAC. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges to access unauthorized delete operation in IDRAC.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-35154 is exploitable with local system access, requires user interaction and user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

HIGH

Privileges Required:

HIGH

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Improper Privilege Management

The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Versions

Dell PowerProtect Data Domain appliances:

Before 8.7.0.1 or later is affected.
Before 8.3.1.30 or later is affected.
Before 7.13.1.70 or later is affected.

Dell PowerProtect DD: IDRAC Privilege Escalation (7.7.1.08.7.0.0)CVE-2026-35154 Published on April 20, 2026

Vulnerability Analysis

Weakness Type

Improper Privilege Management

Affected Versions

Dell PowerProtect DD: IDRAC Privilege Escalation (7.7.1.08.7.0.0)
CVE-2026-35154 Published on April 20, 2026