Dell DD OS Log File Vulnerability Exposes Credentials

/HIGH
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitycwe-532
Dell DD OS Log File Vulnerability Exposes Credentials

The National Vulnerability Database has identified CVE-2026-23775, a critical vulnerability impacting Dell PowerProtect Data Domain appliances running DD OS versions 8.0 through 8.5 and the LTS2025 release 8.3.1.0-8.3.1.10. This flaw allows a low-privileged attacker with remote access to exploit an information insertion vulnerability within log files. The exploit could lead to the exposure of sensitive credentials, enabling attackers to potentially impersonate legitimate users. However, successful exploitation requires authentication attempts to be authorized by a high-privileged DD user, and the vulnerability is only active on systems with retention lock enabled.

What This Means For You

  • If your organization utilizes Dell PowerProtect Data Domain appliances with retention lock enabled, immediately verify the DD OS version. Prioritize patching to address CVE-2026-23775. Given the potential for credential exposure, conduct a thorough audit of authentication logs for any suspicious activity and consider reviewing and resetting credentials for privileged accounts associated with these appliances.

Related ATT&CK Techniques

T1119 Automated Collection Collection T1056.001 Input Capture: Keylogging Collection T1056.002 Input Capture: GUI Input Capture Collection

🛡️ Detection Rules

1 rules · 6 SIEM formats

1 auto-generated detection rules for this incident, mapped to MITRE ATT&CK. Available in Sigma, Splunk SPL, Sentinel KQL, Elastic Lucene, QRadar AQL, and Wazuh.

high vulnerability event-type

Exploitation Attempt — CVE-2026-23775

Sigma YAML — free preview
✓ Sigma 🔒 Splunk SPL 🔒 Sentinel KQL 🔒 Elastic 🔒 QRadar AQL 🔒 Wazuh

Want this in your SIEM's native format? Get Splunk SPL, Sentinel KQL, Elastic, QRadar AQL, or Wazuh — ready to paste.

1 Sigma rules mapped to the ATT&CK techniques from this breach — pick your SIEM and get a ready-to-paste query.

Get All SIEM Formats →

Indicators of Compromise

IDTypeIndicator
CVE-2026-23775 Information Disclosure Dell PowerProtect Data Domain appliances
CVE-2026-23775 Information Disclosure Data Domain Operating System (DD OS) Feature Release versions 8.0 through 8.5
CVE-2026-23775 Information Disclosure Data Domain Operating System (DD OS) LTS2025 release version 8.3.1.0 through 8.3.1.10
CVE-2026-23775 Information Disclosure Insertion of sensitive information into log file vulnerability
CVE-2026-23775 Misconfiguration Systems with retention lock enabled

Written by SCW Vulnerability Desk

Related Posts

CVE-2026-23779 — Command Injection

CVE-2026-23779 — Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through...

vulnerabilityCVEmedium-severitycommand-injectioncwe-77
/SCW Vulnerability Desk /MEDIUM /⚑ 2 IOCs

Dell DD OS Vulnerability: Certificate Login Elevation of Privilege

CVE-2026-23776 — Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through...

vulnerabilityCVEhigh-severitycwe-295
/SCW Vulnerability Desk /HIGH /⚑ 5 IOCs

CISA Warns: Active Exploitation of 13-Year-Old Apache ActiveMQ Flaw

CISA has issued a critical alert: a high-severity vulnerability in Apache ActiveMQ, dormant for thirteen years, is now actively being exploited in the wild. This...

threat-inteldata-breachmalwarevulnerability
/SCW Vulnerability Desk /HIGH /⚑ 1 IOC