🔐 CVE Alert

CVE-2026-53479

HIGH 7.2
CVSS Score
7.2
EPSS Score
1.3%
EPSS Percentile
66th

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to protection mechanism bypass. This is a Critical vulnerability as it allows an attacker to invoke arbitrary command execution with root privileges; so Dell recommends customers to upgrade at the earliest opportunity.

CWE CWE-78
Vendor dell
Product powerprotect data domain
Published Jul 7, 2026
Last Updated Jul 8, 2026
Stay Ahead of the Next One

Get instant alerts for dell powerprotect data domain

Be the first to know when new high vulnerabilities affecting dell powerprotect data domain are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

Dell / PowerProtect Data Domain
0 < 8.8.0.0 or later 0 < 8.6.1.20 or later 0 < 8.3.1.40 or later 0 < 7.13.1.80 or later

References

NVD ↗ CVE.org ↗ EPSS Data ↗
dell.com: https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Credits

Dell would like to thank Ahmed Y. Elmogy for reporting these issues.