Dell PowerProtect Data Domain pre-8.7 format string vulnerability
CVE-2026-46465 Published on July 3, 2026
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and denial of service.
Vulnerability Analysis
CVE-2026-46465 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity, and a high impact on availability.
Weakness Type
Use of Externally-Controlled Format String
The software uses a function that accepts a format string as an argument, but the format string originates from an external source.
Affected Versions
Dell PowerProtect Data Domain:- Before 8.8.0.0 or later is affected.
- Before 8.6.1.20 or later is affected.
- Before 8.3.1.40 or later is affected.
- Before 7.13.1.80 or later is affected.