Dell PowerProtect Zero-Day: Command Injection Flaw Exposes Data Domain Systems
The National Vulnerability Database has identified a critical command injection vulnerability (CVE-2026-23778) impacting Dell PowerProtect Data Domain devices running specific versions of DD OS. This flaw allows a highly privileged attacker with remote access to inject commands, potentially leading to complete system compromise and root-level access. The affected versions span Feature Releases 7.7.1.0 through 8.5, LTS2025 release 8.3.1.0 through 8.3.1.20, and LTS2024 release 7.13.1.0 through 7.13.1.50.
Given the high CVSS score of 7.2 (HIGH) and the potential for attackers to gain root privileges, this vulnerability poses a significant risk to data integrity and availability. Organizations relying on Dell PowerProtect Data Domain for backup and data protection must prioritize patching these systems immediately. The attacker’s calculus here is straightforward: gain privileged access to sensitive backup data, disrupt recovery operations, or exfiltrate critical information.
What This Means For You
- If your organization uses Dell PowerProtect Data Domain systems, immediately verify your DD OS version against the affected ranges (7.7.1.0-8.5, 8.3.1.0-8.3.1.20, 7.13.1.0-7.13.1.50). Prioritize patching for CVE-2026-23778. Because exploitation requires high privileges, audit access logs for any unauthorized privileged activity.
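The version check described in the bullet above, as an added example (not Dell's code and not part of the original advisory). It classifies a DD OS version string against the three ranges listed on this page. Assumptions: LTS trains are recognised by their first three components (7.13.1.x, 8.3.1.x), "through 8.5" is read conservatively as every 8.5.x build, and a trailing build suffix after the dotted version is ignored.

```python
import re

# Affected ranges as listed on this page for CVE-2026-23778.
# Assumption: an LTS train is identified by its first three version components.
LTS_TRAINS = {
    (7, 13, 1): ("LTS2024", (7, 13, 1, 0), (7, 13, 1, 50)),
    (8, 3, 1): ("LTS2025", (8, 3, 1, 0), (8, 3, 1, 20)),
}
FEATURE_LOW = (7, 7, 1, 0)
# Assumption: "through 8.5" covers every 8.5.x build (conservative reading).
FEATURE_HIGH_PREFIX = (8, 5)


def parse_version(text):
    """Return the leading dotted-numeric version as a zero-padded 4-tuple."""
    m = re.match(r"\s*(\d+(?:\.\d+){1,3})", text)
    if not m:
        raise ValueError(f"unrecognised DD OS version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (4 - len(parts))


def classify(text):
    """Return (in_listed_range, train) for a DD OS version string."""
    v = parse_version(text)
    train = LTS_TRAINS.get(v[:3])
    if train:  # LTS first: its numbers also fall inside the feature range
        name, low, high = train
        return (low <= v <= high, name)
    in_feature = v >= FEATURE_LOW and v[:2] <= FEATURE_HIGH_PREFIX
    return (in_feature, "Feature Release")


if __name__ == "__main__":
    # Constructed inventory for illustration; hostnames and builds are made up.
    inventory = {
        "dd-backup-01": "7.13.1.50",
        "dd-backup-02": "7.13.1.51",
        "dd-backup-03": "8.3.1.20-1234567",
        "dd-backup-04": "8.4.0.0",
        "dd-backup-05": "7.7.0.9",
    }
    for host, ver in inventory.items():
        in_range, train = classify(ver)
        print(f"{host}\t{ver}\t{train}\t{'IN LISTED RANGE' if in_range else 'outside listed range'}")
```

A result of "outside listed range" only means the version is not in the ranges quoted here; confirm the fixed build against the vendor advisory before closing the finding.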
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-23778 | Command Injection | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) |
| CVE-2026-23778 | Command Injection | DD OS Feature Release versions 7.7.1.0 through 8.5 |
| CVE-2026-23778 | Command Injection | DD OS LTS2025 release version 8.3.1.0 through 8.3.1.20 |
| CVE-2026-23778 | Command Injection | DD OS LTS2024 release versions 7.13.1.0 through 7.13.1.50 |
| CVE-2026-23778 | Privilege Escalation | Gain root-level access via remote command injection |