Dell PowerProtect Data Domain Vulnerable to OS Command Injection

The National Vulnerability Database lists CVE-2026-23774, a critical OS command injection flaw affecting Dell PowerProtect Data Domain systems running specific versions of Data Domain Operating System (DD OS). Feature Release versions 7.7.1.0 through 8.5, LTS2025 release versions 8.3.1.0 through 8.3.1.10, and LTS2024 release versions 7.13.1.0 through 7.13.1.40 are affected. The vulnerability has a CVSS score of 7.2 and allows a highly privileged attacker with remote access to execute arbitrary commands on the system.

Attackers exploiting this vulnerability could gain significant control over the affected data protection infrastructure. The implications are severe, potentially leading to data exfiltration, system disruption, or further lateral movement within an organization's network. The CWE-78 classification (improper neutralization of special elements used in an OS command) means that input reaching an operating system command is not adequately neutralized, so injected commands run outside the operations the interface was meant to allow.

Defenders must prioritize patching these vulnerable Dell PowerProtect Data Domain systems immediately. Given the high privilege requirement and remote access vector, organizations should also review access controls and network segmentation around these critical backup appliances. Any anomalous activity or unauthorized command execution logs on these systems warrant immediate investigation.

What This Means For You

  • If your organization utilizes Dell PowerProtect Data Domain systems, check your DD OS version against the affected ranges (7.7.1.0-8.5, 8.3.1.0-8.3.1.10, 7.13.1.0-7.13.1.40) and apply vendor patches for CVE-2026-23774 without delay. Audit logs for any suspicious remote access or command execution.
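The version check described above, written as an added example (not Dell's tooling and not code from the original page). It assumes that "through 8.5" covers every 8.5.x.y build and that an LTS train is identified by its three-component prefix; the hostnames and the inventory are constructed.

```python
import re

# Affected ranges as listed on this page for CVE-2026-23774.
# LTS trains are matched first by their three-component prefix (assumption):
# their builds sit numerically inside the Feature Release range but have
# their own, lower upper bound.
LTS_TRAINS = {
    "LTS2025": ((8, 3, 1), 0, 10),   # 8.3.1.0 through 8.3.1.10
    "LTS2024": ((7, 13, 1), 0, 40),  # 7.13.1.0 through 7.13.1.40
}
FEATURE_LOW = (7, 7, 1, 0)           # 7.7.1.0
FEATURE_HIGH_PREFIX = (8, 5)         # assumption: "through 8.5" means every 8.5.x.y


def parse_version(text):
    """Parse 'a.b[.c[.d]]' into a 4-tuple of ints, zero-padded on the right."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+){1,3})\s*", text)
    if not m:
        raise ValueError(f"unrecognised DD OS version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (4 - len(parts))


def classify(text):
    """Return (in_listed_range, release_train) for one DD OS version string."""
    v = parse_version(text)
    for train, (prefix, low, high) in LTS_TRAINS.items():
        if v[:3] == prefix:
            return (low <= v[3] <= high, train)
    in_range = FEATURE_LOW <= v and v[:2] <= FEATURE_HIGH_PREFIX
    return (in_range, "Feature Release")


def affected_hosts(inventory):
    """Return sorted hostnames whose version falls in a listed range."""
    return sorted(h for h, ver in inventory.items() if classify(ver)[0])


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "dd-backup-01": "7.10.1.20",   # Feature Release, inside 7.7.1.0 to 8.5
    "dd-backup-02": "7.13.1.50",   # LTS2024, above the listed 7.13.1.40
    "dd-backup-03": "8.3.1.5",     # LTS2025, inside the listed range
    "dd-backup-04": "8.6.0.0",     # Feature Release, above 8.5
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: DD OS {SAMPLE_INVENTORY[host]} is in an affected range")
```

A result of "not in a listed range" only reflects the ranges quoted on this page; confirm the fixed build for each release train against the vendor advisory before closing the finding.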

🛡️ Detection Rules

critical T1190 Initial Access

Dell PowerProtect Data Domain OS Command Injection - CVE-2026-23774

Indicators of Compromise

| ID | Type | Indicator |
| --- | --- | --- |
| CVE-2026-23774 | Command Injection | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) Feature Release versions 7.7.1.0 through 8.5 |
| CVE-2026-23774 | Command Injection | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2025 release version 8.3.1.0 through 8.3.1.10 |
| CVE-2026-23774 | Command Injection | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024 release versions 7.13.1.0 through 7.13.1.40 |
| CVE-2026-23774 | RCE | Arbitrary command execution via OS command injection |

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 20, 2026 at 19:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
