DSA-2026-278: Security Update for Dell PowerProtect Data Domain Multiple Vulnerabilities

Summary: Dell PowerProtect Data Domain remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Impact

Critical

Details

Third-Party Component

CVEs

More Information

Intel 800 Series Ethernet Linux Driver

CVE-2025-27723

Golang

CVE-2025-61723, CVE-2025-58187, CVE-2025-61725, CVE-2025-58188, CVE-2022-28948, CVE-2025-61729

Apache Tomcat

CVE-2025-55754, CVE-2025-55752, CVE-2025-48988, CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-49124, CVE-2025-49125, CVE-2025-55668

GNU Binutils

CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1149, CVE-2025-0840, CVE-2025-1179, CVE-2025-1181, CVE-2025-1182, CVE-2025-1176, CVE-2025-1178, CVE-2025-3198, CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245

GNU elfutils

CVE-2025-1372

Libtiff

CVE-2025-9900

libxml2

CVE-2025-9714, CVE-2025-6021, CVE-2025-49795, CVE-2025-49796, CVE-2025-6170, CVE-2025-8732

libxslt

CVE-2025-24855

OpenSSL

CVE-2025-9230

setuptools

CVE-2025-47273

Rsyslog

CVE-2022-24903

Apache HTTP Server

CVE-2025-58098, CVE-2025-55753, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200

Apache Log4j

CVE-2025-68161

Curl

CVE-2025-9086, CVE-2025-10148, CVE-2026-3784, CVE-2026-3783, CVE-2026-1965, CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-14017, CVE-2025-10966, CVE-2025-11563

fontTools

CVE-2025-66034

GNU C Library

CVE-2025-15281, CVE-2026-0915, CVE-2025-8058, CVE-2026-0861

GnuPG

CVE-2025-68972, CVE-2025-68973

GnuPG

CVE-2025-68973

Hibernate

CVE-2025-35036

libexpat

CVE-2026-25210, CVE-2026-24515, CVE-2026-32778, CVE-2026-32776, CVE-2026-32777, CVE-2025-66382, CVE-2025-59375

glib

CVE-2025-7039

OpenSSL

CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160

LIBPNG

CVE-2026-22801, CVE-2026-25646, CVE-2026-22695

PostgreSQL

CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003

Nimbus-JOSE-JWT

CVE-2025-53864

pip

CVE-2026-1703

Python

CVE-2026-1299, CVE-2026-0672, CVE-2026-0865, CVE-2025-15366, CVE-2025-15367, CVE-2025-15282, CVE-2025-6075, CVE-2025-11468, CVE-2025-13837, CVE-2025-13836, CVE-2025-12781, CVE-2025-12084, CVE-2026-24049, CVE-2026-23490

rsync

CVE-2025-10158

urllib3

CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2025-50181

zlib

CVE-2026-22184, CVE-2026-27171

 

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2026-53483

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity.

 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2026-53481

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to the system. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity.

9.8

CVE-2026-56086

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.

8.8

CVE-2026-53482

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

7.5

CVE-2026-53479

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to protection mechanism bypass. This is a Critical vulnerability as it allows an attacker to invoke arbitrary command execution with root privileges; so Dell recommends customers to upgrade at the earliest opportunity.

 7.2

CVE-2026-53478

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution.

7.2

CVE-2026-49815

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to execution of arbitrary OS commands.

7.2

CVE-2026-49814

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

7.2

CVE-2026-41122

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

7.1

CVE-2026-49813

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution.

6.7

CVE-2026-54483

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

6.7

CVE-2026-26355

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution.

6.5

CVE-2026-46463

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

6.5

CVE-2026-56084

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a Server-Side Request Forgery (SSRF) vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.

5.8

CVE-2026-46467

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

5.8

CVE-2026-46465

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and denial of service.

5.5

CVE-2026-46464

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

4.9

CVE-2026-46468

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

4.4

CVE-2026-44268

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permission Assignment for critical resource vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

4.4

CVE-2026-44269

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

4.4

CVE-2026-41123

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.

4.3

CVE-2026-46730

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect authorization vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized command execution.

4.2

CVE-2026-56085

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of uninitialized resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

3.3

CVE-2026-46466

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.

2.7

CVE-2026-53480

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized file modification.

2.7

CVE-2026-41124

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

2.3

 

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2026-53483

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity.

 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2026-53481

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to the system. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity.

9.8

CVE-2026-56086

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.

8.8

CVE-2026-53482

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

7.5

CVE-2026-53479

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to protection mechanism bypass. This is a Critical vulnerability as it allows an attacker to invoke arbitrary command execution with root privileges; so Dell recommends customers to upgrade at the earliest opportunity.

 7.2

CVE-2026-53478

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution.

7.2

CVE-2026-49815

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to execution of arbitrary OS commands.

7.2

CVE-2026-49814

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

7.2

CVE-2026-41122

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

7.1

CVE-2026-49813

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution.

6.7

CVE-2026-54483

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

6.7

CVE-2026-26355

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution.

6.5

CVE-2026-46463

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

6.5

CVE-2026-56084

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a Server-Side Request Forgery (SSRF) vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.

5.8

CVE-2026-46467

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

5.8

CVE-2026-46465

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and denial of service.

5.5

CVE-2026-46464

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

4.9

CVE-2026-46468

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

4.4

CVE-2026-44268

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permission Assignment for critical resource vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

4.4

CVE-2026-44269

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

4.4

CVE-2026-41123

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.

4.3

CVE-2026-46730

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect authorization vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized command execution.

4.2

CVE-2026-56085

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of uninitialized resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

3.3

CVE-2026-46466

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.

2.7

CVE-2026-53480

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized file modification.

2.7

CVE-2026-41124

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

2.3

 

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

CVE-2025-55754, CVE-2025-55752, CVE-2025-48988, CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-49124, CVE-2025-49125, CVE-2025-55668, CVE-2025-9714, CVE-2025-6021, CVE-2025-49795, CVE-2025-49796,  CVE-2025-6170, CVE-2025-8732, CVE-2025-24855, CVE-2025-47273, CVE-2022-24903, CVE-2026-56086, CVE-2026-54483, CVE-2026-44268, CVE-2026-44269, CVE-2026-41123, CVE-2026-41124

DD OS 8.7

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release

Versions 7.7.1.0 through 8.6.0.0

Version 8.7.0.0 or later

CVE-2025-61723, CVE-2025-58187, CVE-2025-61725, CVE-2025-58188, CVE-2022-28948, CVE-2025-61729, CVE-2025-58098, CVE-2025-55753, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200, CVE-2025-68161, CVE-2025-9086, CVE-2026-3784, CVE-2026-3783, CVE-2026-1965, CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-14017, CVE-2025-10966, CVE-2025-68972, CVE-2025-68973, CVE-2025-35036, CVE-2026-25210, CVE-2026-24515, CVE-2026-32778, CVE-2026-32776, CVE-2026-32777, CVE-2025-66382, CVE-2025-59375, CVE-2025-53864, CVE-2026-1703, CVE-2026-23490, CVE-2026-24049, CVE-2025-10158, CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2026-22184, CVE-2026-27171, CVE-2026-53483, CVE-2026-53481, CVE-2026-53479, CVE-2026-53478, CVE-2026-49815, CVE-2026-49814, CVE-2026-41122, CVE-2026-49813, CVE-2026-56084, CVE-2026-46467, CVE-2026-46468, CVE-2026-46730, CVE-2026-41124, CVE-2026-46463, CVE-2026-56085, CVE-2026-46466, CVE-2026-53482CVE-2026-53480

DD OS 8.8

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release

Versions 7.7.1.0 through 8.7.0.0

Version 8.8.0.0 or later

CVE-2025-61723, CVE-2025-58187, CVE-2025-61725, CVE-2025-58188, CVE-2022-28948, CVE-2025-61729, CVE-2025-55754, CVE-2025-55752, CVE-2025-48988, CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-49124, CVE-2025-49125, CVE-2025-55668, CVE-2025-9714, CVE-2025-6021, CVE-2025-49795, CVE-2025-49796,  CVE-2025-6170, CVE-2025-8732, CVE-2025-24855, CVE-2025-47273, CVE-2022-24903, CVE-2025-58098, CVE-2025-55753, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200, CVE-2025-68161, CVE-2025-9086, CVE-2026-3784, CVE-2026-3783, CVE-2026-1965, CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-14017, CVE-2025-10966, CVE-2025-68972, CVE-2025-68973, CVE-2025-35036, CVE-2026-25210, CVE-2026-24515, CVE-2026-32778, CVE-2026-32776, CVE-2026-32777, CVE-2025-66382, CVE-2025-59375, CVE-2025-53864, CVE-2026-1703, CVE-2026-23490, CVE-2026-24049, CVE-2025-10158, CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2026-22184, CVE-2026-27171, CVE-2026-56086, CVE-2026-54483, CVE-2026-44268, CVE-2026-44269, CVE-2026-41123, CVE-2026-41124, CVE-2026-53483, CVE-2026-53481, CVE-2026-53479, CVE-2026-53478, CVE-2026-49815, CVE-2026-41122, CVE-2026-49813, CVE-2026-46463, CVE-2026-56084, CVE-2026-46467, CVE-2026-46468, CVE-2026-46730, CVE-2026-56085, CVE-2026-46466, CVE-2026-53482CVE-2026-53480

DD OS 8.6.1

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) LTS2026 8.6.1

Versions 8.6.1.0 through 8.6.1.10

Version 8.6.1.20 or later

CVE-2025-61723, CVE-2025-58187, CVE-2025-61725, CVE-2025-58188, CVE-2022-28948, CVE-2025-61729, CVE-2025-55754, CVE-2025-55752, CVE-2025-48988, CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-49124, CVE-2025-49125, CVE-2025-55668, CVE-2025-9714, CVE-2025-6021, CVE-2025-49795, CVE-2025-49796,  CVE-2025-6170, CVE-2025-8732, CVE-2025-24855, CVE-2025-47273, CVE-2022-24903, CVE-2025-58098, CVE-2025-55753, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200, CVE-2025-68161, CVE-2025-9086, CVE-2026-3784, CVE-2026-3783, CVE-2026-1965, CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-14017, CVE-2025-10966, CVE-2025-68972, CVE-2025-68973, CVE-2025-35036, CVE-2026-25210, CVE-2026-24515, CVE-2026-32778, CVE-2026-32776, CVE-2026-32777, CVE-2025-66382, CVE-2025-59375, CVE-2025-53864, CVE-2026-1703, CVE-2026-23490, CVE-2026-24049, CVE-2025-10158, CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2026-22184, CVE-2026-27171, CVE-2026-56086, CVE-2026-54483, CVE-2026-44268, CVE-2026-44269, CVE-2026-41123, CVE-2026-41124, CVE-2026-53483, CVE-2026-53481, CVE-2026-53479, CVE-2026-53478, CVE-2026-49815, CVE-2026-41122, CVE-2026-49813, CVE-2026-46463, CVE-2026-56084, CVE-2026-46467, CVE-2026-46468, CVE-2026-46730, CVE-2026-56085, CVE-2026-46466, CVE-2026-53482CVE-2026-53480

DD OS 8.3.1

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) LTS2025 8.3.1

Versions 8.3.1.0 through 8.3.1.30

Version 8.3.1.40 or later

CVE-2025-55754, CVE-2025-55752, CVE-2025-48988, CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-49124, CVE-2025-49125, CVE-2025-55668, CVE-2025-9714, CVE-2025-6021, CVE-2025-49795, CVE-2025-49796,  CVE-2025-6170, CVE-2025-8732, CVE-2025-24855, CVE-2025-47273, CVE-2022-24903, CVE-2025-58098, CVE-2025-55753, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200, CVE-2025-68161, CVE-2025-9086, CVE-2026-3784, CVE-2026-3783, CVE-2026-1965, CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-14017, CVE-2025-10966, CVE-2025-68972, CVE-2025-68973, CVE-2025-35036, CVE-2026-25210, CVE-2026-24515, CVE-2026-32778, CVE-2026-32776, CVE-2026-32777, CVE-2025-66382, CVE-2025-59375, CVE-2025-53864, CVE-2026-1703, CVE-2026-23490, CVE-2026-24049, CVE-2025-10158, CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2026-22184, CVE-2026-27171, CVE-2026-56086, CVE-2026-54483, CVE-2026-44268, CVE-2026-44269, CVE-2026-41123, CVE-2026-41124, CVE-2026-53483, CVE-2026-53481, CVE-2026-53479, CVE-2026-53478, CVE-2026-49815, CVE-2026-41122, CVE-2026-49813, CVE-2026-46463, CVE-2026-56084, CVE-2026-46467, CVE-2026-46468, CVE-2026-46730, CVE-2026-56085, CVE-2026-46466, CVE-2026-53482CVE-2026-53480

DD OS 7.13.1

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) LTS2024 7.13.1

Versions 7.13.1.0 through 7.13.1.70

Version 7.13.1.80 or later

CVE-2025-50181

DD OS 8.7

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) Feature Release

Versions 7.7.1.0 through 8.6.0.0

Version 8.7.0.0 or later

CVE-2026-26355, CVE-2026-46465, CVE-2026-46464

DD OS 8.8

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) Feature Release

Versions 7.7.1.0 through 8.7.0.0

Version 8.8.0.0 or later

CVE-2025-50181, CVE-2026-26355, CVE-2026-46465, CVE-2026-46464

DD OS 8.6.1

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2026 8.6.1

Versions 8.6.1.0 through 8.6.1.10

Version 8.6.1.20 or later

CVE-2025-50181, CVE-2026-26355, CVE-2026-46465, CVE-2026-46464

DD OS 8.3.1

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2025 8.3.1

Versions 8.3.1.0 through 8.3.1.30

Version 8.3.1.40 or later

CVE-2025-50181, CVE-2026-26355, CVE-2026-46465, CVE-2026-46464

DD OS 7.13.1

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2024 7.13.1

Versions 7.13.1.0 through 7.13.1.70

Version 7.13.1.80 or later

CVE-2025-9086, CVE-2025-10148, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1149, CVE-2025-0840, CVE-2025-1179, CVE-2025-1181, CVE-2025-1182, CVE-2025-1176, CVE-2025-1178, CVE-2025-3198, CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245, CVE-2025-1372, CVE-2025-59375, CVE-2025-9900, CVE-2025-9230

DD OS 8.7

Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release

Versions 7.7.1.0 through 8.6.0.0

Version 8.7.0.0 or later

CVE-2025-66034, CVE-2025-15281, CVE-2026-0915, CVE-2025-8058, CVE-2026-0861, CVE-2025-6897, CVE-2025-11563, CVE-2025-7039, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, CVE-2026-22801, CVE-2026-25646, CVE-2026-22695, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003, CVE-2026-0865, CVE-2026-0672, CVE-2025-11468, CVE-2025-15282, CVE-2025-15366, CVE-2025-15367, CVE-2025-13836, CVE-2025-13837, CVE-2025-12084

DD OS 8.8

Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release

Versions 7.7.1.0 through 8.7.0.0

Version 8.8.0.0 or later

CVE-2025-9086, CVE-2025-10148, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1149, CVE-2025-0840, CVE-2025-1179, CVE-2025-1181, CVE-2025-1182, CVE-2025-1176, CVE-2025-1178, CVE-2025-3198, CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245, CVE-2025-1372, CVE-2025-59375, CVE-2025-9900, CVE-2025-9230, CVE-2025-66034, CVE-2025-15281, CVE-2026-0915, CVE-2025-8058, CVE-2026-0861, CVE-2025-6897, CVE-2025-11563, CVE-2025-7039, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, CVE-2026-22801, CVE-2026-25646, CVE-2026-22695, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003, CVE-2026-0865, CVE-2026-0672, CVE-2025-11468, CVE-2025-15282, CVE-2025-15366, CVE-2025-15367, CVE-2025-13836, CVE-2025-13837, CVE-2025-12084

DD OS 8.6.1

Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) LTS2026 8.6.1

Versions 8.6.1.0 through 8.6.1.10

Version 8.3.1.20 or later

 CVE-2025-9086, CVE-2025-10148, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1149, CVE-2025-0840, CVE-2025-1179, CVE-2025-1181, CVE-2025-1182, CVE-2025-1176, CVE-2025-1178, CVE-2025-3198, CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245, CVE-2025-1372, CVE-2025-59375, CVE-2025-9900, CVE-2025-9230, CVE-2025-66034, CVE-2025-15281, CVE-2026-0915, CVE-2025-8058, CVE-2026-0861, CVE-2025-6897, CVE-2025-11563, CVE-2025-7039, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, CVE-2026-22801, CVE-2026-25646, CVE-2026-22695, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003, CVE-2026-0865, CVE-2026-0672, CVE-2025-11468, CVE-2025-15282, CVE-2025-15366, CVE-2025-15367, CVE-2025-13836, CVE-2025-13837, CVE-2025-12084

DD OS 8.3.1

Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) LTS2025 8.3.1

Versions 8.3.1.0 through 8.3.1.30

Version 8.3.1.40 or later

 CVE-2025-9086, CVE-2025-10148, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1149, CVE-2025-0840, CVE-2025-1179, CVE-2025-1181, CVE-2025-1182, CVE-2025-1176, CVE-2025-1178, CVE-2025-3198, CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245, CVE-2025-1372, CVE-2025-59375, CVE-2025-9900, CVE-2025-9230, CVE-2025-66034, CVE-2025-15281, CVE-2026-0915, CVE-2025-8058, CVE-2026-0861, CVE-2025-6897, CVE-2025-11563, CVE-2025-7039, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, CVE-2026-22801, CVE-2026-25646, CVE-2026-22695, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003, CVE-2026-0865, CVE-2026-0672, CVE-2025-11468, CVE-2025-15282, CVE-2025-15366, CVE-2025-15367, CVE-2025-13836, CVE-2025-13837, CVE-2025-12084

DD OS 7.13.1

Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) LTS2024 7.13.1

 Versions 7.13.1.0 through 7.13.1.70

Version 7.13.1.80 or later

CVE-2025-27723

DD OS 8.8

Dell PowerProtect Data Domain series appliances with Data Domain Operating System (DD OS) Feature Release

Versions 7.7.1.0 through 8.7.0.0

Version 8.8.0.0 or later

CVE-2025-27723

DD OS 8.6.1

Dell PowerProtect Data Domain series appliances with Data Domain Operating System (DD OS) LTS2026 8.6.1

Versions 8.6.1.0 through 8.6.1.10

Version 8.6.1.20 or later

CVE-2025-27723

DD OS 8.3.1

Dell PowerProtect Data Domain series appliances with Data Domain Operating System (DD OS) LTS2025 8.3.1

Versions 8.3.1.0 through 8.3.1.30

Version 8.3.1.40 or later

CVE-2025-27723

DD OS 7.13.1

Dell PowerProtect Data Domain series appliances with Data Domain Operating System (DD OS) LTS2024 7.13.1

Versions 7.13.1.0 through 7.13.1.70

Version 7.13.1.80 or later

 

CVEs Addressed

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

CVE-2025-55754, CVE-2025-55752, CVE-2025-48988, CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-49124, CVE-2025-49125, CVE-2025-55668, CVE-2025-9714, CVE-2025-6021, CVE-2025-49795, CVE-2025-49796,  CVE-2025-6170, CVE-2025-8732, CVE-2025-24855, CVE-2025-47273, CVE-2022-24903, CVE-2026-56086, CVE-2026-54483, CVE-2026-44268, CVE-2026-44269, CVE-2026-41123, CVE-2026-41124

DD OS 8.7

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release

Versions 7.7.1.0 through 8.6.0.0

Version 8.7.0.0 or later

CVE-2025-61723, CVE-2025-58187, CVE-2025-61725, CVE-2025-58188, CVE-2022-28948, CVE-2025-61729, CVE-2025-58098, CVE-2025-55753, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200, CVE-2025-68161, CVE-2025-9086, CVE-2026-3784, CVE-2026-3783, CVE-2026-1965, CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-14017, CVE-2025-10966, CVE-2025-68972, CVE-2025-68973, CVE-2025-35036, CVE-2026-25210, CVE-2026-24515, CVE-2026-32778, CVE-2026-32776, CVE-2026-32777, CVE-2025-66382, CVE-2025-59375, CVE-2025-53864, CVE-2026-1703, CVE-2026-23490, CVE-2026-24049, CVE-2025-10158, CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2026-22184, CVE-2026-27171, CVE-2026-53483, CVE-2026-53481, CVE-2026-53479, CVE-2026-53478, CVE-2026-49815, CVE-2026-49814, CVE-2026-41122, CVE-2026-49813, CVE-2026-56084, CVE-2026-46467, CVE-2026-46468, CVE-2026-46730, CVE-2026-41124, CVE-2026-46463, CVE-2026-56085, CVE-2026-46466, CVE-2026-53482CVE-2026-53480

DD OS 8.8

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release

Versions 7.7.1.0 through 8.7.0.0

Version 8.8.0.0 or later

CVE-2025-61723, CVE-2025-58187, CVE-2025-61725, CVE-2025-58188, CVE-2022-28948, CVE-2025-61729, CVE-2025-55754, CVE-2025-55752, CVE-2025-48988, CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-49124, CVE-2025-49125, CVE-2025-55668, CVE-2025-9714, CVE-2025-6021, CVE-2025-49795, CVE-2025-49796,  CVE-2025-6170, CVE-2025-8732, CVE-2025-24855, CVE-2025-47273, CVE-2022-24903, CVE-2025-58098, CVE-2025-55753, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200, CVE-2025-68161, CVE-2025-9086, CVE-2026-3784, CVE-2026-3783, CVE-2026-1965, CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-14017, CVE-2025-10966, CVE-2025-68972, CVE-2025-68973, CVE-2025-35036, CVE-2026-25210, CVE-2026-24515, CVE-2026-32778, CVE-2026-32776, CVE-2026-32777, CVE-2025-66382, CVE-2025-59375, CVE-2025-53864, CVE-2026-1703, CVE-2026-23490, CVE-2026-24049, CVE-2025-10158, CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2026-22184, CVE-2026-27171, CVE-2026-56086, CVE-2026-54483, CVE-2026-44268, CVE-2026-44269, CVE-2026-41123, CVE-2026-41124, CVE-2026-53483, CVE-2026-53481, CVE-2026-53479, CVE-2026-53478, CVE-2026-49815, CVE-2026-41122, CVE-2026-49813, CVE-2026-46463, CVE-2026-56084, CVE-2026-46467, CVE-2026-46468, CVE-2026-46730, CVE-2026-56085, CVE-2026-46466, CVE-2026-53482CVE-2026-53480

DD OS 8.6.1

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) LTS2026 8.6.1

Versions 8.6.1.0 through 8.6.1.10

Version 8.6.1.20 or later

CVE-2025-61723, CVE-2025-58187, CVE-2025-61725, CVE-2025-58188, CVE-2022-28948, CVE-2025-61729, CVE-2025-55754, CVE-2025-55752, CVE-2025-48988, CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-49124, CVE-2025-49125, CVE-2025-55668, CVE-2025-9714, CVE-2025-6021, CVE-2025-49795, CVE-2025-49796,  CVE-2025-6170, CVE-2025-8732, CVE-2025-24855, CVE-2025-47273, CVE-2022-24903, CVE-2025-58098, CVE-2025-55753, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200, CVE-2025-68161, CVE-2025-9086, CVE-2026-3784, CVE-2026-3783, CVE-2026-1965, CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-14017, CVE-2025-10966, CVE-2025-68972, CVE-2025-68973, CVE-2025-35036, CVE-2026-25210, CVE-2026-24515, CVE-2026-32778, CVE-2026-32776, CVE-2026-32777, CVE-2025-66382, CVE-2025-59375, CVE-2025-53864, CVE-2026-1703, CVE-2026-23490, CVE-2026-24049, CVE-2025-10158, CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2026-22184, CVE-2026-27171, CVE-2026-56086, CVE-2026-54483, CVE-2026-44268, CVE-2026-44269, CVE-2026-41123, CVE-2026-41124, CVE-2026-53483, CVE-2026-53481, CVE-2026-53479, CVE-2026-53478, CVE-2026-49815, CVE-2026-41122, CVE-2026-49813, CVE-2026-46463, CVE-2026-56084, CVE-2026-46467, CVE-2026-46468, CVE-2026-46730, CVE-2026-56085, CVE-2026-46466, CVE-2026-53482CVE-2026-53480

DD OS 8.3.1

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) LTS2025 8.3.1

Versions 8.3.1.0 through 8.3.1.30

Version 8.3.1.40 or later

CVE-2025-55754, CVE-2025-55752, CVE-2025-48988, CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-49124, CVE-2025-49125, CVE-2025-55668, CVE-2025-9714, CVE-2025-6021, CVE-2025-49795, CVE-2025-49796,  CVE-2025-6170, CVE-2025-8732, CVE-2025-24855, CVE-2025-47273, CVE-2022-24903, CVE-2025-58098, CVE-2025-55753, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200, CVE-2025-68161, CVE-2025-9086, CVE-2026-3784, CVE-2026-3783, CVE-2026-1965, CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-14017, CVE-2025-10966, CVE-2025-68972, CVE-2025-68973, CVE-2025-35036, CVE-2026-25210, CVE-2026-24515, CVE-2026-32778, CVE-2026-32776, CVE-2026-32777, CVE-2025-66382, CVE-2025-59375, CVE-2025-53864, CVE-2026-1703, CVE-2026-23490, CVE-2026-24049, CVE-2025-10158, CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2026-22184, CVE-2026-27171, CVE-2026-56086, CVE-2026-54483, CVE-2026-44268, CVE-2026-44269, CVE-2026-41123, CVE-2026-41124, CVE-2026-53483, CVE-2026-53481, CVE-2026-53479, CVE-2026-53478, CVE-2026-49815, CVE-2026-41122, CVE-2026-49813, CVE-2026-46463, CVE-2026-56084, CVE-2026-46467, CVE-2026-46468, CVE-2026-46730, CVE-2026-56085, CVE-2026-46466, CVE-2026-53482CVE-2026-53480

DD OS 7.13.1

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) LTS2024 7.13.1

Versions 7.13.1.0 through 7.13.1.70

Version 7.13.1.80 or later

CVE-2025-50181

DD OS 8.7

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) Feature Release

Versions 7.7.1.0 through 8.6.0.0

Version 8.7.0.0 or later

CVE-2026-26355, CVE-2026-46465, CVE-2026-46464

DD OS 8.8

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) Feature Release

Versions 7.7.1.0 through 8.7.0.0

Version 8.8.0.0 or later

CVE-2025-50181, CVE-2026-26355, CVE-2026-46465, CVE-2026-46464

DD OS 8.6.1

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2026 8.6.1

Versions 8.6.1.0 through 8.6.1.10

Version 8.6.1.20 or later

CVE-2025-50181, CVE-2026-26355, CVE-2026-46465, CVE-2026-46464

DD OS 8.3.1

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2025 8.3.1

Versions 8.3.1.0 through 8.3.1.30

Version 8.3.1.40 or later

CVE-2025-50181, CVE-2026-26355, CVE-2026-46465, CVE-2026-46464

DD OS 7.13.1

Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2024 7.13.1

Versions 7.13.1.0 through 7.13.1.70

Version 7.13.1.80 or later

CVE-2025-9086, CVE-2025-10148, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1149, CVE-2025-0840, CVE-2025-1179, CVE-2025-1181, CVE-2025-1182, CVE-2025-1176, CVE-2025-1178, CVE-2025-3198, CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245, CVE-2025-1372, CVE-2025-59375, CVE-2025-9900, CVE-2025-9230

DD OS 8.7

Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release

Versions 7.7.1.0 through 8.6.0.0

Version 8.7.0.0 or later

CVE-2025-66034, CVE-2025-15281, CVE-2026-0915, CVE-2025-8058, CVE-2026-0861, CVE-2025-6897, CVE-2025-11563, CVE-2025-7039, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, CVE-2026-22801, CVE-2026-25646, CVE-2026-22695, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003, CVE-2026-0865, CVE-2026-0672, CVE-2025-11468, CVE-2025-15282, CVE-2025-15366, CVE-2025-15367, CVE-2025-13836, CVE-2025-13837, CVE-2025-12084

DD OS 8.8

Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release

Versions 7.7.1.0 through 8.7.0.0

Version 8.8.0.0 or later

CVE-2025-9086, CVE-2025-10148, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1149, CVE-2025-0840, CVE-2025-1179, CVE-2025-1181, CVE-2025-1182, CVE-2025-1176, CVE-2025-1178, CVE-2025-3198, CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245, CVE-2025-1372, CVE-2025-59375, CVE-2025-9900, CVE-2025-9230, CVE-2025-66034, CVE-2025-15281, CVE-2026-0915, CVE-2025-8058, CVE-2026-0861, CVE-2025-6897, CVE-2025-11563, CVE-2025-7039, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, CVE-2026-22801, CVE-2026-25646, CVE-2026-22695, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003, CVE-2026-0865, CVE-2026-0672, CVE-2025-11468, CVE-2025-15282, CVE-2025-15366, CVE-2025-15367, CVE-2025-13836, CVE-2025-13837, CVE-2025-12084

DD OS 8.6.1

Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) LTS2026 8.6.1

Versions 8.6.1.0 through 8.6.1.10

Version 8.3.1.20 or later

 CVE-2025-9086, CVE-2025-10148, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1149, CVE-2025-0840, CVE-2025-1179, CVE-2025-1181, CVE-2025-1182, CVE-2025-1176, CVE-2025-1178, CVE-2025-3198, CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245, CVE-2025-1372, CVE-2025-59375, CVE-2025-9900, CVE-2025-9230, CVE-2025-66034, CVE-2025-15281, CVE-2026-0915, CVE-2025-8058, CVE-2026-0861, CVE-2025-6897, CVE-2025-11563, CVE-2025-7039, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, CVE-2026-22801, CVE-2026-25646, CVE-2026-22695, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003, CVE-2026-0865, CVE-2026-0672, CVE-2025-11468, CVE-2025-15282, CVE-2025-15366, CVE-2025-15367, CVE-2025-13836, CVE-2025-13837, CVE-2025-12084

DD OS 8.3.1

Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) LTS2025 8.3.1

Versions 8.3.1.0 through 8.3.1.30

Version 8.3.1.40 or later

 CVE-2025-9086, CVE-2025-10148, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1149, CVE-2025-0840, CVE-2025-1179, CVE-2025-1181, CVE-2025-1182, CVE-2025-1176, CVE-2025-1178, CVE-2025-3198, CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245, CVE-2025-1372, CVE-2025-59375, CVE-2025-9900, CVE-2025-9230, CVE-2025-66034, CVE-2025-15281, CVE-2026-0915, CVE-2025-8058, CVE-2026-0861, CVE-2025-6897, CVE-2025-11563, CVE-2025-7039, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, CVE-2026-22801, CVE-2026-25646, CVE-2026-22695, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003, CVE-2026-0865, CVE-2026-0672, CVE-2025-11468, CVE-2025-15282, CVE-2025-15366, CVE-2025-15367, CVE-2025-13836, CVE-2025-13837, CVE-2025-12084

DD OS 7.13.1

Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) LTS2024 7.13.1

 Versions 7.13.1.0 through 7.13.1.70

Version 7.13.1.80 or later

CVE-2025-27723

DD OS 8.8

Dell PowerProtect Data Domain series appliances with Data Domain Operating System (DD OS) Feature Release

Versions 7.7.1.0 through 8.7.0.0

Version 8.8.0.0 or later

CVE-2025-27723

DD OS 8.6.1

Dell PowerProtect Data Domain series appliances with Data Domain Operating System (DD OS) LTS2026 8.6.1

Versions 8.6.1.0 through 8.6.1.10

Version 8.6.1.20 or later

CVE-2025-27723

DD OS 8.3.1

Dell PowerProtect Data Domain series appliances with Data Domain Operating System (DD OS) LTS2025 8.3.1

Versions 8.3.1.0 through 8.3.1.30

Version 8.3.1.40 or later

CVE-2025-27723

DD OS 7.13.1

Dell PowerProtect Data Domain series appliances with Data Domain Operating System (DD OS) LTS2024 7.13.1

Versions 7.13.1.0 through 7.13.1.70

Version 7.13.1.80 or later

 

  1. PowerProtect Data Domain: Software Versions : This KB article provides the status of the current active PowerProtect Data Domain Operating System (DD OS) releases, along with links to the release notes. (Requires support.dell.com login to view article).

  1. For instructions on how to upgrade Data Domain Operating System (DD OS), see Data Domain and DDVE: How to Upgrade the Data Domain Operating System

  1. Some security scanners may still report False Positive findings after upgrading to remediated DDOS versions.  For more details, please refer to the respective False Positive KB articles:

 

Revision History

Revision 

Date

Description

  1.0

2026-07-02  

Initial Release

2.0

2026-07-06

Updated "CVE Identifier", "Proprietary Code", and "Affected Products and Remediation" tables to include CVE-2026-41122, CVE-2026-56086, CVE-2026-53482, CVE-2026-53480.

 

Acknowledgements

  • CVE-2026-41123: Dell would like to thank brocked200 (Nguyen Quoc Khanh) for reporting this issue. 
  • CVE-2026-26355: Dell would like to thank liupeng from Ubisectech Sirius Team for reporting this issue. 
  • CVE-2026-54483: Dell would like to thank zzcentury for reporting this issue. 
  • CVE-2026-56085: Dell would like to thank Shogo Iyota for reporting this issue.
  • CVE-2026-53478: Dell would like to thank songxiaoyue for reporting this issue.
  • CVE-2026-53483, CVE-2026-53482, CVE-2026-53481, CVE-2026-53480, CVE-2026-53479: Dell would like to thank Ahmed Y. Elmogy for reporting these issues.

Related Information

Affected Products

Data Domain, DD OS, DD OS 7.11, DD OS 7.12, DD OS 7.13, DD OS 8.1, DD OS 8.3, DD OS 8.4, DD OS 8.5, DD OS 8.6, DD OS 8.7, DD OS 8.8, DD OS 8.0, DD OS Licensed Features
Article Properties
Article Number: 000481268
Article Type: Dell Security Advisory
Last Modified: 06 Jul 2026
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.