CVE-2026-26944

· NIST NVD ↗

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. Exploitation requires an authenticated user to perform a specific action.

HIGH
CVSS severity
8.8
CVSS base score
2026-04-20
Published

CWE codes

CWE-306

Affected products

dell:powerprotect_dp_series_appliancedell:data_domain_operating_system

Sources