DSA-2026-278: Security Update for Dell PowerProtect Data Domain Multiple Vulnerabilities
Summary: Dell PowerProtect Data Domain remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
Critical
Details
|
Third-Party Component |
CVEs |
More Information |
| Intel 800 Series Ethernet Linux Driver |
CVE-2025-27723 |
|
|
Golang |
CVE-2025-61723, CVE-2025-58187, CVE-2025-61725, CVE-2025-58188, CVE-2022-28948, CVE-2025-61729 |
|
|
Apache Tomcat |
CVE-2025-55754, CVE-2025-55752, CVE-2025-48988, CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-49124, CVE-2025-49125, CVE-2025-55668 |
|
|
GNU Binutils |
CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1149, CVE-2025-0840, CVE-2025-1179, CVE-2025-1181, CVE-2025-1182, CVE-2025-1176, CVE-2025-1178, CVE-2025-3198, CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245 |
|
|
GNU elfutils |
CVE-2025-1372 |
|
|
Libtiff |
CVE-2025-9900 |
|
|
libxml2 |
CVE-2025-9714, CVE-2025-6021, CVE-2025-49795, CVE-2025-49796, CVE-2025-6170, CVE-2025-8732 |
|
|
libxslt |
CVE-2025-24855 |
|
|
OpenSSL |
CVE-2025-9230 |
|
|
setuptools |
CVE-2025-47273 |
|
|
Rsyslog |
CVE-2022-24903 |
|
|
Apache HTTP Server |
CVE-2025-58098, CVE-2025-55753, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200 |
|
|
Apache Log4j |
CVE-2025-68161 |
|
|
Curl |
CVE-2025-9086, CVE-2025-10148, CVE-2026-3784, CVE-2026-3783, CVE-2026-1965, CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-14017, CVE-2025-10966, CVE-2025-11563 |
|
|
fontTools |
CVE-2025-66034 |
|
|
GNU C Library |
CVE-2025-15281, CVE-2026-0915, CVE-2025-8058, CVE-2026-0861 |
|
|
GnuPG |
CVE-2025-68972, CVE-2025-68973 |
|
|
GnuPG |
CVE-2025-68973 |
|
|
Hibernate |
CVE-2025-35036 |
|
|
libexpat |
CVE-2026-25210, CVE-2026-24515, CVE-2026-32778, CVE-2026-32776, CVE-2026-32777, CVE-2025-66382, CVE-2025-59375 |
|
|
glib |
CVE-2025-7039 |
|
|
OpenSSL |
CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160 |
|
|
LIBPNG |
CVE-2026-22801, CVE-2026-25646, CVE-2026-22695 |
|
|
PostgreSQL |
CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003 |
|
|
Nimbus-JOSE-JWT |
CVE-2025-53864 |
|
|
pip |
CVE-2026-1703 |
|
|
Python |
CVE-2026-1299, CVE-2026-0672, CVE-2026-0865, CVE-2025-15366, CVE-2025-15367, CVE-2025-15282, CVE-2025-6075, CVE-2025-11468, CVE-2025-13837, CVE-2025-13836, CVE-2025-12781, CVE-2025-12084, CVE-2026-24049, CVE-2026-23490 |
|
|
rsync |
CVE-2025-10158 |
|
|
urllib3 |
CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2025-50181 |
|
|
zlib |
CVE-2026-22184, CVE-2026-27171 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2026-53483 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity. |
9.8 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
CVE-2026-53481 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to the system. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity. |
9.8 |
|
|
CVE-2026-56086 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. |
8.8 |
|
|
CVE-2026-53482 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. |
7.5 |
|
|
CVE-2026-53479 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to protection mechanism bypass. This is a Critical vulnerability as it allows an attacker to invoke arbitrary command execution with root privileges; so Dell recommends customers to upgrade at the earliest opportunity. |
7.2 |
|
|
CVE-2026-53478 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution. |
7.2 |
|
|
CVE-2026-49815 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to execution of arbitrary OS commands. |
7.2 |
|
|
CVE-2026-49814 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution. |
7.2 |
|
|
CVE-2026-41122 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability. Exploitation may lead to information disclosure, session theft, or client-side request forgery. |
7.1 |
|
|
CVE-2026-49813 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. |
6.7 |
|
|
CVE-2026-54483 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
6.7 |
|
|
CVE-2026-26355 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution. |
6.5 |
|
|
CVE-2026-46463 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. |
6.5 |
|
|
CVE-2026-56084 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a Server-Side Request Forgery (SSRF) vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery. |
5.8 |
|
|
CVE-2026-46467 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. |
5.8 |
|
|
CVE-2026-46465 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and denial of service. |
5.5 |
|
|
CVE-2026-46464 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. |
4.9 |
|
|
CVE-2026-46468 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. |
4.4 |
|
|
CVE-2026-44268 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permission Assignment for critical resource vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access. |
4.4 |
|
|
CVE-2026-44269 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access. |
4.4 |
|
|
CVE-2026-41123 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering. |
4.3 |
|
|
CVE-2026-46730 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect authorization vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized command execution. |
4.2 |
|
|
CVE-2026-56085 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of uninitialized resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. |
3.3 |
|
|
CVE-2026-46466 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering. |
2.7 |
|
|
CVE-2026-53480 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized file modification. |
2.7 |
|
|
CVE-2026-41124 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. |
2.3 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2026-53483 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity. |
9.8 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
CVE-2026-53481 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to the system. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity. |
9.8 |
|
|
CVE-2026-56086 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. |
8.8 |
|
|
CVE-2026-53482 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. |
7.5 |
|
|
CVE-2026-53479 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to protection mechanism bypass. This is a Critical vulnerability as it allows an attacker to invoke arbitrary command execution with root privileges; so Dell recommends customers to upgrade at the earliest opportunity. |
7.2 |
|
|
CVE-2026-53478 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution. |
7.2 |
|
|
CVE-2026-49815 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to execution of arbitrary OS commands. |
7.2 |
|
|
CVE-2026-49814 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution. |
7.2 |
|
|
CVE-2026-41122 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability. Exploitation may lead to information disclosure, session theft, or client-side request forgery. |
7.1 |
|
|
CVE-2026-49813 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. |
6.7 |
|
|
CVE-2026-54483 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
6.7 |
|
|
CVE-2026-26355 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution. |
6.5 |
|
|
CVE-2026-46463 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. |
6.5 |
|
|
CVE-2026-56084 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a Server-Side Request Forgery (SSRF) vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery. |
5.8 |
|
|
CVE-2026-46467 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. |
5.8 |
|
|
CVE-2026-46465 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and denial of service. |
5.5 |
|
|
CVE-2026-46464 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. |
4.9 |
|
|
CVE-2026-46468 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. |
4.4 |
|
|
CVE-2026-44268 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permission Assignment for critical resource vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access. |
4.4 |
|
|
CVE-2026-44269 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access. |
4.4 |
|
|
CVE-2026-41123 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering. |
4.3 |
|
|
CVE-2026-46730 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect authorization vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized command execution. |
4.2 |
|
|
CVE-2026-56085 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of uninitialized resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. |
3.3 |
|
|
CVE-2026-46466 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering. |
2.7 |
|
|
CVE-2026-53480 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized file modification. |
2.7 |
|
|
CVE-2026-41124 |
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. |
2.3 |
Affected Products & Remediation
|
CVEs Addressed |
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|
CVE-2025-55754, CVE-2025-55752, CVE-2025-48988, CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-49124, CVE-2025-49125, CVE-2025-55668, CVE-2025-9714, CVE-2025-6021, CVE-2025-49795, CVE-2025-49796, CVE-2025-6170, CVE-2025-8732, CVE-2025-24855, CVE-2025-47273, CVE-2022-24903, CVE-2026-56086, CVE-2026-54483, CVE-2026-44268, CVE-2026-44269, CVE-2026-41123, CVE-2026-41124 |
DD OS 8.7 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release |
Versions 7.7.1.0 through 8.6.0.0 |
Version 8.7.0.0 or later |
|
|
CVE-2025-61723, CVE-2025-58187, CVE-2025-61725, CVE-2025-58188, CVE-2022-28948, CVE-2025-61729, CVE-2025-58098, CVE-2025-55753, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200, CVE-2025-68161, CVE-2025-9086, CVE-2026-3784, CVE-2026-3783, CVE-2026-1965, CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-14017, CVE-2025-10966, CVE-2025-68972, CVE-2025-68973, CVE-2025-35036, CVE-2026-25210, CVE-2026-24515, CVE-2026-32778, CVE-2026-32776, CVE-2026-32777, CVE-2025-66382, CVE-2025-59375, CVE-2025-53864, CVE-2026-1703, CVE-2026-23490, CVE-2026-24049, CVE-2025-10158, CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2026-22184, CVE-2026-27171, CVE-2026-53483, CVE-2026-53481, CVE-2026-53479, CVE-2026-53478, CVE-2026-49815, CVE-2026-49814, CVE-2026-41122, CVE-2026-49813, CVE-2026-56084, CVE-2026-46467, CVE-2026-46468, CVE-2026-46730, CVE-2026-41124, CVE-2026-46463, CVE-2026-56085, CVE-2026-46466, CVE-2026-53482, CVE-2026-53480 |
DD OS 8.8 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release |
Versions 7.7.1.0 through 8.7.0.0 |
Version 8.8.0.0 or later |
|
|
CVE-2025-61723, CVE-2025-58187, CVE-2025-61725, CVE-2025-58188, CVE-2022-28948, CVE-2025-61729, CVE-2025-55754, CVE-2025-55752, CVE-2025-48988, CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-49124, CVE-2025-49125, CVE-2025-55668, CVE-2025-9714, CVE-2025-6021, CVE-2025-49795, CVE-2025-49796, CVE-2025-6170, CVE-2025-8732, CVE-2025-24855, CVE-2025-47273, CVE-2022-24903, CVE-2025-58098, CVE-2025-55753, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200, CVE-2025-68161, CVE-2025-9086, CVE-2026-3784, CVE-2026-3783, CVE-2026-1965, CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-14017, CVE-2025-10966, CVE-2025-68972, CVE-2025-68973, CVE-2025-35036, CVE-2026-25210, CVE-2026-24515, CVE-2026-32778, CVE-2026-32776, CVE-2026-32777, CVE-2025-66382, CVE-2025-59375, CVE-2025-53864, CVE-2026-1703, CVE-2026-23490, CVE-2026-24049, CVE-2025-10158, CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2026-22184, CVE-2026-27171, CVE-2026-56086, CVE-2026-54483, CVE-2026-44268, CVE-2026-44269, CVE-2026-41123, CVE-2026-41124, CVE-2026-53483, CVE-2026-53481, CVE-2026-53479, CVE-2026-53478, CVE-2026-49815, CVE-2026-41122, CVE-2026-49813, CVE-2026-46463, CVE-2026-56084, CVE-2026-46467, CVE-2026-46468, CVE-2026-46730, CVE-2026-56085, CVE-2026-46466, CVE-2026-53482, CVE-2026-53480 |
DD OS 8.6.1 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) LTS2026 8.6.1 |
Versions 8.6.1.0 through 8.6.1.10 |
Version 8.6.1.20 or later |
|
|
CVE-2025-61723, CVE-2025-58187, CVE-2025-61725, CVE-2025-58188, CVE-2022-28948, CVE-2025-61729, CVE-2025-55754, CVE-2025-55752, CVE-2025-48988, CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-49124, CVE-2025-49125, CVE-2025-55668, CVE-2025-9714, CVE-2025-6021, CVE-2025-49795, CVE-2025-49796, CVE-2025-6170, CVE-2025-8732, CVE-2025-24855, CVE-2025-47273, CVE-2022-24903, CVE-2025-58098, CVE-2025-55753, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200, CVE-2025-68161, CVE-2025-9086, CVE-2026-3784, CVE-2026-3783, CVE-2026-1965, CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-14017, CVE-2025-10966, CVE-2025-68972, CVE-2025-68973, CVE-2025-35036, CVE-2026-25210, CVE-2026-24515, CVE-2026-32778, CVE-2026-32776, CVE-2026-32777, CVE-2025-66382, CVE-2025-59375, CVE-2025-53864, CVE-2026-1703, CVE-2026-23490, CVE-2026-24049, CVE-2025-10158, CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2026-22184, CVE-2026-27171, CVE-2026-56086, CVE-2026-54483, CVE-2026-44268, CVE-2026-44269, CVE-2026-41123, CVE-2026-41124, CVE-2026-53483, CVE-2026-53481, CVE-2026-53479, CVE-2026-53478, CVE-2026-49815, CVE-2026-41122, CVE-2026-49813, CVE-2026-46463, CVE-2026-56084, CVE-2026-46467, CVE-2026-46468, CVE-2026-46730, CVE-2026-56085, CVE-2026-46466, CVE-2026-53482, CVE-2026-53480 |
DD OS 8.3.1 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) LTS2025 8.3.1 |
Versions 8.3.1.0 through 8.3.1.30 |
Version 8.3.1.40 or later |
|
|
CVE-2025-55754, CVE-2025-55752, CVE-2025-48988, CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-49124, CVE-2025-49125, CVE-2025-55668, CVE-2025-9714, CVE-2025-6021, CVE-2025-49795, CVE-2025-49796, CVE-2025-6170, CVE-2025-8732, CVE-2025-24855, CVE-2025-47273, CVE-2022-24903, CVE-2025-58098, CVE-2025-55753, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200, CVE-2025-68161, CVE-2025-9086, CVE-2026-3784, CVE-2026-3783, CVE-2026-1965, CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-14017, CVE-2025-10966, CVE-2025-68972, CVE-2025-68973, CVE-2025-35036, CVE-2026-25210, CVE-2026-24515, CVE-2026-32778, CVE-2026-32776, CVE-2026-32777, CVE-2025-66382, CVE-2025-59375, CVE-2025-53864, CVE-2026-1703, CVE-2026-23490, CVE-2026-24049, CVE-2025-10158, CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2026-22184, CVE-2026-27171, CVE-2026-56086, CVE-2026-54483, CVE-2026-44268, CVE-2026-44269, CVE-2026-41123, CVE-2026-41124, CVE-2026-53483, CVE-2026-53481, CVE-2026-53479, CVE-2026-53478, CVE-2026-49815, CVE-2026-41122, CVE-2026-49813, CVE-2026-46463, CVE-2026-56084, CVE-2026-46467, CVE-2026-46468, CVE-2026-46730, CVE-2026-56085, CVE-2026-46466, CVE-2026-53482, CVE-2026-53480 |
DD OS 7.13.1 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) LTS2024 7.13.1 |
Versions 7.13.1.0 through 7.13.1.70 |
Version 7.13.1.80 or later |
|
|
CVE-2025-50181 |
DD OS 8.7 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) Feature Release |
Versions 7.7.1.0 through 8.6.0.0 |
Version 8.7.0.0 or later |
|
|
CVE-2026-26355, CVE-2026-46465, CVE-2026-46464 |
DD OS 8.8 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) Feature Release |
Versions 7.7.1.0 through 8.7.0.0 |
Version 8.8.0.0 or later |
|
|
CVE-2025-50181, CVE-2026-26355, CVE-2026-46465, CVE-2026-46464 |
DD OS 8.6.1 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2026 8.6.1 |
Versions 8.6.1.0 through 8.6.1.10 |
Version 8.6.1.20 or later |
|
|
CVE-2025-50181, CVE-2026-26355, CVE-2026-46465, CVE-2026-46464 |
DD OS 8.3.1 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2025 8.3.1 |
Versions 8.3.1.0 through 8.3.1.30 |
Version 8.3.1.40 or later |
|
|
CVE-2025-50181, CVE-2026-26355, CVE-2026-46465, CVE-2026-46464 |
DD OS 7.13.1 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2024 7.13.1 |
Versions 7.13.1.0 through 7.13.1.70 |
Version 7.13.1.80 or later |
|
|
CVE-2025-9086, CVE-2025-10148, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1149, CVE-2025-0840, CVE-2025-1179, CVE-2025-1181, CVE-2025-1182, CVE-2025-1176, CVE-2025-1178, CVE-2025-3198, CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245, CVE-2025-1372, CVE-2025-59375, CVE-2025-9900, CVE-2025-9230 |
DD OS 8.7 |
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release |
Versions 7.7.1.0 through 8.6.0.0 |
Version 8.7.0.0 or later |
|
|
CVE-2025-66034, CVE-2025-15281, CVE-2026-0915, CVE-2025-8058, CVE-2026-0861, CVE-2025-6897, CVE-2025-11563, CVE-2025-7039, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, CVE-2026-22801, CVE-2026-25646, CVE-2026-22695, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003, CVE-2026-0865, CVE-2026-0672, CVE-2025-11468, CVE-2025-15282, CVE-2025-15366, CVE-2025-15367, CVE-2025-13836, CVE-2025-13837, CVE-2025-12084 |
DD OS 8.8 |
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release |
Versions 7.7.1.0 through 8.7.0.0 |
Version 8.8.0.0 or later |
|
|
CVE-2025-9086, CVE-2025-10148, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1149, CVE-2025-0840, CVE-2025-1179, CVE-2025-1181, CVE-2025-1182, CVE-2025-1176, CVE-2025-1178, CVE-2025-3198, CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245, CVE-2025-1372, CVE-2025-59375, CVE-2025-9900, CVE-2025-9230, CVE-2025-66034, CVE-2025-15281, CVE-2026-0915, CVE-2025-8058, CVE-2026-0861, CVE-2025-6897, CVE-2025-11563, CVE-2025-7039, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, CVE-2026-22801, CVE-2026-25646, CVE-2026-22695, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003, CVE-2026-0865, CVE-2026-0672, CVE-2025-11468, CVE-2025-15282, CVE-2025-15366, CVE-2025-15367, CVE-2025-13836, CVE-2025-13837, CVE-2025-12084 |
DD OS 8.6.1 |
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) LTS2026 8.6.1 |
Versions 8.6.1.0 through 8.6.1.10 |
Version 8.3.1.20 or later |
|
|
CVE-2025-9086, CVE-2025-10148, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1149, CVE-2025-0840, CVE-2025-1179, CVE-2025-1181, CVE-2025-1182, CVE-2025-1176, CVE-2025-1178, CVE-2025-3198, CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245, CVE-2025-1372, CVE-2025-59375, CVE-2025-9900, CVE-2025-9230, CVE-2025-66034, CVE-2025-15281, CVE-2026-0915, CVE-2025-8058, CVE-2026-0861, CVE-2025-6897, CVE-2025-11563, CVE-2025-7039, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, CVE-2026-22801, CVE-2026-25646, CVE-2026-22695, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003, CVE-2026-0865, CVE-2026-0672, CVE-2025-11468, CVE-2025-15282, CVE-2025-15366, CVE-2025-15367, CVE-2025-13836, CVE-2025-13837, CVE-2025-12084 |
DD OS 8.3.1 |
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) LTS2025 8.3.1 |
Versions 8.3.1.0 through 8.3.1.30 |
Version 8.3.1.40 or later |
|
|
CVE-2025-9086, CVE-2025-10148, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1149, CVE-2025-0840, CVE-2025-1179, CVE-2025-1181, CVE-2025-1182, CVE-2025-1176, CVE-2025-1178, CVE-2025-3198, CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245, CVE-2025-1372, CVE-2025-59375, CVE-2025-9900, CVE-2025-9230, CVE-2025-66034, CVE-2025-15281, CVE-2026-0915, CVE-2025-8058, CVE-2026-0861, CVE-2025-6897, CVE-2025-11563, CVE-2025-7039, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, CVE-2026-22801, CVE-2026-25646, CVE-2026-22695, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003, CVE-2026-0865, CVE-2026-0672, CVE-2025-11468, CVE-2025-15282, CVE-2025-15366, CVE-2025-15367, CVE-2025-13836, CVE-2025-13837, CVE-2025-12084 |
DD OS 7.13.1 |
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) LTS2024 7.13.1 |
Versions 7.13.1.0 through 7.13.1.70 |
Version 7.13.1.80 or later |
|
|
CVE-2025-27723 |
DD OS 8.8 |
Dell PowerProtect Data Domain series appliances with Data Domain Operating System (DD OS) Feature Release |
Versions 7.7.1.0 through 8.7.0.0 |
Version 8.8.0.0 or later |
|
|
CVE-2025-27723 |
DD OS 8.6.1 |
Dell PowerProtect Data Domain series appliances with Data Domain Operating System (DD OS) LTS2026 8.6.1 |
Versions 8.6.1.0 through 8.6.1.10 |
Version 8.6.1.20 or later |
|
|
CVE-2025-27723 |
DD OS 8.3.1 |
Dell PowerProtect Data Domain series appliances with Data Domain Operating System (DD OS) LTS2025 8.3.1 |
Versions 8.3.1.0 through 8.3.1.30 |
Version 8.3.1.40 or later |
|
|
CVE-2025-27723 |
DD OS 7.13.1 |
Dell PowerProtect Data Domain series appliances with Data Domain Operating System (DD OS) LTS2024 7.13.1 |
Versions 7.13.1.0 through 7.13.1.70 |
Version 7.13.1.80 or later |
|
CVEs Addressed |
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
|
CVE-2025-55754, CVE-2025-55752, CVE-2025-48988, CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-49124, CVE-2025-49125, CVE-2025-55668, CVE-2025-9714, CVE-2025-6021, CVE-2025-49795, CVE-2025-49796, CVE-2025-6170, CVE-2025-8732, CVE-2025-24855, CVE-2025-47273, CVE-2022-24903, CVE-2026-56086, CVE-2026-54483, CVE-2026-44268, CVE-2026-44269, CVE-2026-41123, CVE-2026-41124 |
DD OS 8.7 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release |
Versions 7.7.1.0 through 8.6.0.0 |
Version 8.7.0.0 or later |
|
|
CVE-2025-61723, CVE-2025-58187, CVE-2025-61725, CVE-2025-58188, CVE-2022-28948, CVE-2025-61729, CVE-2025-58098, CVE-2025-55753, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200, CVE-2025-68161, CVE-2025-9086, CVE-2026-3784, CVE-2026-3783, CVE-2026-1965, CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-14017, CVE-2025-10966, CVE-2025-68972, CVE-2025-68973, CVE-2025-35036, CVE-2026-25210, CVE-2026-24515, CVE-2026-32778, CVE-2026-32776, CVE-2026-32777, CVE-2025-66382, CVE-2025-59375, CVE-2025-53864, CVE-2026-1703, CVE-2026-23490, CVE-2026-24049, CVE-2025-10158, CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2026-22184, CVE-2026-27171, CVE-2026-53483, CVE-2026-53481, CVE-2026-53479, CVE-2026-53478, CVE-2026-49815, CVE-2026-49814, CVE-2026-41122, CVE-2026-49813, CVE-2026-56084, CVE-2026-46467, CVE-2026-46468, CVE-2026-46730, CVE-2026-41124, CVE-2026-46463, CVE-2026-56085, CVE-2026-46466, CVE-2026-53482, CVE-2026-53480 |
DD OS 8.8 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release |
Versions 7.7.1.0 through 8.7.0.0 |
Version 8.8.0.0 or later |
|
|
CVE-2025-61723, CVE-2025-58187, CVE-2025-61725, CVE-2025-58188, CVE-2022-28948, CVE-2025-61729, CVE-2025-55754, CVE-2025-55752, CVE-2025-48988, CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-49124, CVE-2025-49125, CVE-2025-55668, CVE-2025-9714, CVE-2025-6021, CVE-2025-49795, CVE-2025-49796, CVE-2025-6170, CVE-2025-8732, CVE-2025-24855, CVE-2025-47273, CVE-2022-24903, CVE-2025-58098, CVE-2025-55753, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200, CVE-2025-68161, CVE-2025-9086, CVE-2026-3784, CVE-2026-3783, CVE-2026-1965, CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-14017, CVE-2025-10966, CVE-2025-68972, CVE-2025-68973, CVE-2025-35036, CVE-2026-25210, CVE-2026-24515, CVE-2026-32778, CVE-2026-32776, CVE-2026-32777, CVE-2025-66382, CVE-2025-59375, CVE-2025-53864, CVE-2026-1703, CVE-2026-23490, CVE-2026-24049, CVE-2025-10158, CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2026-22184, CVE-2026-27171, CVE-2026-56086, CVE-2026-54483, CVE-2026-44268, CVE-2026-44269, CVE-2026-41123, CVE-2026-41124, CVE-2026-53483, CVE-2026-53481, CVE-2026-53479, CVE-2026-53478, CVE-2026-49815, CVE-2026-41122, CVE-2026-49813, CVE-2026-46463, CVE-2026-56084, CVE-2026-46467, CVE-2026-46468, CVE-2026-46730, CVE-2026-56085, CVE-2026-46466, CVE-2026-53482, CVE-2026-53480 |
DD OS 8.6.1 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) LTS2026 8.6.1 |
Versions 8.6.1.0 through 8.6.1.10 |
Version 8.6.1.20 or later |
|
|
CVE-2025-61723, CVE-2025-58187, CVE-2025-61725, CVE-2025-58188, CVE-2022-28948, CVE-2025-61729, CVE-2025-55754, CVE-2025-55752, CVE-2025-48988, CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-49124, CVE-2025-49125, CVE-2025-55668, CVE-2025-9714, CVE-2025-6021, CVE-2025-49795, CVE-2025-49796, CVE-2025-6170, CVE-2025-8732, CVE-2025-24855, CVE-2025-47273, CVE-2022-24903, CVE-2025-58098, CVE-2025-55753, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200, CVE-2025-68161, CVE-2025-9086, CVE-2026-3784, CVE-2026-3783, CVE-2026-1965, CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-14017, CVE-2025-10966, CVE-2025-68972, CVE-2025-68973, CVE-2025-35036, CVE-2026-25210, CVE-2026-24515, CVE-2026-32778, CVE-2026-32776, CVE-2026-32777, CVE-2025-66382, CVE-2025-59375, CVE-2025-53864, CVE-2026-1703, CVE-2026-23490, CVE-2026-24049, CVE-2025-10158, CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2026-22184, CVE-2026-27171, CVE-2026-56086, CVE-2026-54483, CVE-2026-44268, CVE-2026-44269, CVE-2026-41123, CVE-2026-41124, CVE-2026-53483, CVE-2026-53481, CVE-2026-53479, CVE-2026-53478, CVE-2026-49815, CVE-2026-41122, CVE-2026-49813, CVE-2026-46463, CVE-2026-56084, CVE-2026-46467, CVE-2026-46468, CVE-2026-46730, CVE-2026-56085, CVE-2026-46466, CVE-2026-53482, CVE-2026-53480 |
DD OS 8.3.1 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) LTS2025 8.3.1 |
Versions 8.3.1.0 through 8.3.1.30 |
Version 8.3.1.40 or later |
|
|
CVE-2025-55754, CVE-2025-55752, CVE-2025-48988, CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-49124, CVE-2025-49125, CVE-2025-55668, CVE-2025-9714, CVE-2025-6021, CVE-2025-49795, CVE-2025-49796, CVE-2025-6170, CVE-2025-8732, CVE-2025-24855, CVE-2025-47273, CVE-2022-24903, CVE-2025-58098, CVE-2025-55753, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200, CVE-2025-68161, CVE-2025-9086, CVE-2026-3784, CVE-2026-3783, CVE-2026-1965, CVE-2025-15224, CVE-2025-15079, CVE-2025-14819, CVE-2025-14524, CVE-2025-14017, CVE-2025-10966, CVE-2025-68972, CVE-2025-68973, CVE-2025-35036, CVE-2026-25210, CVE-2026-24515, CVE-2026-32778, CVE-2026-32776, CVE-2026-32777, CVE-2025-66382, CVE-2025-59375, CVE-2025-53864, CVE-2026-1703, CVE-2026-23490, CVE-2026-24049, CVE-2025-10158, CVE-2026-21441, CVE-2025-66471, CVE-2025-66418, CVE-2026-22184, CVE-2026-27171, CVE-2026-56086, CVE-2026-54483, CVE-2026-44268, CVE-2026-44269, CVE-2026-41123, CVE-2026-41124, CVE-2026-53483, CVE-2026-53481, CVE-2026-53479, CVE-2026-53478, CVE-2026-49815, CVE-2026-41122, CVE-2026-49813, CVE-2026-46463, CVE-2026-56084, CVE-2026-46467, CVE-2026-46468, CVE-2026-46730, CVE-2026-56085, CVE-2026-46466, CVE-2026-53482, CVE-2026-53480 |
DD OS 7.13.1 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center with Data Domain Operating System (DD OS) LTS2024 7.13.1 |
Versions 7.13.1.0 through 7.13.1.70 |
Version 7.13.1.80 or later |
|
|
CVE-2025-50181 |
DD OS 8.7 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) Feature Release |
Versions 7.7.1.0 through 8.6.0.0 |
Version 8.7.0.0 or later |
|
|
CVE-2026-26355, CVE-2026-46465, CVE-2026-46464 |
DD OS 8.8 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) Feature Release |
Versions 7.7.1.0 through 8.7.0.0 |
Version 8.8.0.0 or later |
|
|
CVE-2025-50181, CVE-2026-26355, CVE-2026-46465, CVE-2026-46464 |
DD OS 8.6.1 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2026 8.6.1 |
Versions 8.6.1.0 through 8.6.1.10 |
Version 8.6.1.20 or later |
|
|
CVE-2025-50181, CVE-2026-26355, CVE-2026-46465, CVE-2026-46464 |
DD OS 8.3.1 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2025 8.3.1 |
Versions 8.3.1.0 through 8.3.1.30 |
Version 8.3.1.40 or later |
|
|
CVE-2025-50181, CVE-2026-26355, CVE-2026-46465, CVE-2026-46464 |
DD OS 7.13.1 |
Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, and Dell APEX Protection Storage with Data Domain Operating System (DD OS) LTS2024 7.13.1 |
Versions 7.13.1.0 through 7.13.1.70 |
Version 7.13.1.80 or later |
|
|
CVE-2025-9086, CVE-2025-10148, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1149, CVE-2025-0840, CVE-2025-1179, CVE-2025-1181, CVE-2025-1182, CVE-2025-1176, CVE-2025-1178, CVE-2025-3198, CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245, CVE-2025-1372, CVE-2025-59375, CVE-2025-9900, CVE-2025-9230 |
DD OS 8.7 |
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release |
Versions 7.7.1.0 through 8.6.0.0 |
Version 8.7.0.0 or later |
|
|
CVE-2025-66034, CVE-2025-15281, CVE-2026-0915, CVE-2025-8058, CVE-2026-0861, CVE-2025-6897, CVE-2025-11563, CVE-2025-7039, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, CVE-2026-22801, CVE-2026-25646, CVE-2026-22695, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003, CVE-2026-0865, CVE-2026-0672, CVE-2025-11468, CVE-2025-15282, CVE-2025-15366, CVE-2025-15367, CVE-2025-13836, CVE-2025-13837, CVE-2025-12084 |
DD OS 8.8 |
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) Feature Release |
Versions 7.7.1.0 through 8.7.0.0 |
Version 8.8.0.0 or later |
|
|
CVE-2025-9086, CVE-2025-10148, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1149, CVE-2025-0840, CVE-2025-1179, CVE-2025-1181, CVE-2025-1182, CVE-2025-1176, CVE-2025-1178, CVE-2025-3198, CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245, CVE-2025-1372, CVE-2025-59375, CVE-2025-9900, CVE-2025-9230, CVE-2025-66034, CVE-2025-15281, CVE-2026-0915, CVE-2025-8058, CVE-2026-0861, CVE-2025-6897, CVE-2025-11563, CVE-2025-7039, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, CVE-2026-22801, CVE-2026-25646, CVE-2026-22695, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003, CVE-2026-0865, CVE-2026-0672, CVE-2025-11468, CVE-2025-15282, CVE-2025-15366, CVE-2025-15367, CVE-2025-13836, CVE-2025-13837, CVE-2025-12084 |
DD OS 8.6.1 |
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) LTS2026 8.6.1 |
Versions 8.6.1.0 through 8.6.1.10 |
Version 8.3.1.20 or later |
|
|
CVE-2025-9086, CVE-2025-10148, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1149, CVE-2025-0840, CVE-2025-1179, CVE-2025-1181, CVE-2025-1182, CVE-2025-1176, CVE-2025-1178, CVE-2025-3198, CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245, CVE-2025-1372, CVE-2025-59375, CVE-2025-9900, CVE-2025-9230, CVE-2025-66034, CVE-2025-15281, CVE-2026-0915, CVE-2025-8058, CVE-2026-0861, CVE-2025-6897, CVE-2025-11563, CVE-2025-7039, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, CVE-2026-22801, CVE-2026-25646, CVE-2026-22695, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003, CVE-2026-0865, CVE-2026-0672, CVE-2025-11468, CVE-2025-15282, CVE-2025-15366, CVE-2025-15367, CVE-2025-13836, CVE-2025-13837, CVE-2025-12084 |
DD OS 8.3.1 |
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) LTS2025 8.3.1 |
Versions 8.3.1.0 through 8.3.1.30 |
Version 8.3.1.40 or later |
|
|
CVE-2025-9086, CVE-2025-10148, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1149, CVE-2025-0840, CVE-2025-1179, CVE-2025-1181, CVE-2025-1182, CVE-2025-1176, CVE-2025-1178, CVE-2025-3198, CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245, CVE-2025-1372, CVE-2025-59375, CVE-2025-9900, CVE-2025-9230, CVE-2025-66034, CVE-2025-15281, CVE-2026-0915, CVE-2025-8058, CVE-2026-0861, CVE-2025-6897, CVE-2025-11563, CVE-2025-7039, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, CVE-2026-22801, CVE-2026-25646, CVE-2026-22695, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003, CVE-2026-0865, CVE-2026-0672, CVE-2025-11468, CVE-2025-15282, CVE-2025-15366, CVE-2025-15367, CVE-2025-13836, CVE-2025-13837, CVE-2025-12084 |
DD OS 7.13.1 |
Dell PowerProtect Data Domain Management Center with Data Domain Operating System (DD OS) LTS2024 7.13.1 |
Versions 7.13.1.0 through 7.13.1.70 |
Version 7.13.1.80 or later |
|
|
CVE-2025-27723 |
DD OS 8.8 |
Dell PowerProtect Data Domain series appliances with Data Domain Operating System (DD OS) Feature Release |
Versions 7.7.1.0 through 8.7.0.0 |
Version 8.8.0.0 or later |
|
|
CVE-2025-27723 |
DD OS 8.6.1 |
Dell PowerProtect Data Domain series appliances with Data Domain Operating System (DD OS) LTS2026 8.6.1 |
Versions 8.6.1.0 through 8.6.1.10 |
Version 8.6.1.20 or later |
|
|
CVE-2025-27723 |
DD OS 8.3.1 |
Dell PowerProtect Data Domain series appliances with Data Domain Operating System (DD OS) LTS2025 8.3.1 |
Versions 8.3.1.0 through 8.3.1.30 |
Version 8.3.1.40 or later |
|
|
CVE-2025-27723 |
DD OS 7.13.1 |
Dell PowerProtect Data Domain series appliances with Data Domain Operating System (DD OS) LTS2024 7.13.1 |
Versions 7.13.1.0 through 7.13.1.70 |
Version 7.13.1.80 or later |
-
PowerProtect Data Domain: Software Versions : This KB article provides the status of the current active PowerProtect Data Domain Operating System (DD OS) releases, along with links to the release notes. (Requires support.dell.com login to view article).
-
For instructions on how to upgrade Data Domain Operating System (DD OS), see Data Domain and DDVE: How to Upgrade the Data Domain Operating System
-
Some security scanners may still report False Positive findings after upgrading to remediated DDOS versions. For more details, please refer to the respective False Positive KB articles:
-
-
Dell PowerProtect Data Domain False Positive Security Vulnerabilities for DD OS 8.8
-
Dell PowerProtect Data Domain False Positive Security Vulnerabilities for DD OS 8.7
-
Dell PowerProtect Data Domain False Positive Security Vulnerabilities for DDOS 8.6
-
Dell PowerProtect Data Domain False Positive Security Vulnerabilities for DDOS 8.3
-
Dell Data Domain False Positive Security Vulnerabilities for DDOS 7.13
-
Revision History
|
Revision |
Date |
Description |
|
1.0 |
2026-07-02 |
Initial Release |
|
2.0 |
2026-07-06 |
Updated "CVE Identifier", "Proprietary Code", and "Affected Products and Remediation" tables to include CVE-2026-41122, CVE-2026-56086, CVE-2026-53482, CVE-2026-53480. |
Acknowledgements
- CVE-2026-41123: Dell would like to thank brocked200 (Nguyen Quoc Khanh) for reporting this issue.
- CVE-2026-26355: Dell would like to thank liupeng from Ubisectech Sirius Team for reporting this issue.
- CVE-2026-54483: Dell would like to thank zzcentury for reporting this issue.
- CVE-2026-56085: Dell would like to thank Shogo Iyota for reporting this issue.
- CVE-2026-53478: Dell would like to thank songxiaoyue for reporting this issue.
- CVE-2026-53483, CVE-2026-53482, CVE-2026-53481, CVE-2026-53480, CVE-2026-53479: Dell would like to thank Ahmed Y. Elmogy for reporting these issues.