Dell PowerProtect Data Domain: Root OS Command Injection

/HIGH /CVSS 7.2/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitycommand-injectioncwe-78
Dell PowerProtect Data Domain: Root OS Command Injection

The National Vulnerability Database has disclosed CVE-2026-24506, an OS command injection flaw impacting Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6, including LTS2025 release versions 8.3.1.0 through 8.3.1.20 and LTS2024 release versions 7.13.1.0 through 7.13.1.60. This vulnerability carries a high CVSS score of 7.2.

An attacker with high privileges and remote network access could exploit this flaw to execute arbitrary commands as the root user. This is a critical issue for data backup and recovery infrastructure, as compromise of a Data Domain system could lead to complete data loss, manipulation, or exfiltration, directly impacting business continuity and integrity.

Defenders must prioritize patching these systems immediately. Given the high privileges required, the attacker’s calculus here is likely post-exploitation. This means an adversary has already gained a foothold and is looking to escalate privileges to root for maximum control and persistence within the data center environment. Don’t assume your network perimeter will save you from this one; focus on internal segmentation and least privilege for administrative accounts.

What This Means For You

  • If your organization uses Dell PowerProtect Data Domain, identify all instances running affected versions. Prioritize patching immediately to prevent root-level command execution. Audit administrative access logs for any suspicious activity, especially remote logins to these devices.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1059.004 Command and Scripting Interpreter: Unix Shell Execution

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

CVE-2026-24506 - Dell PowerProtect Data Domain OS Command Injection

Sigma YAML — free preview
✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Export via Bot →

Indicators of Compromise

IDTypeIndicator
CVE-2026-24506 Vulnerability CVE-2026-24506

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 20, 2026 at 20:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related Posts

wpForo Plugin Flaw Allows Arbitrary File Deletion, RCE

CVE-2026-6248 — The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to...

vulnerabilityCVEhigh-severityremote-code-executioncwe-22
/SCW Vulnerability Desk /HIGH /8.1 /⚑ 5 IOCs /⚙ 3 Sigma

CVE-2026-6060 — Denial of Service

CVE-2026-6060 — A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against...

vulnerabilityCVEmedium-severitydenial-of-servicecwe-400cwe-770
/SCW Vulnerability Desk /MEDIUM /4.5 /⚑ 3 IOCs /⚙ 1 Sigma

CVE-2026-41389 — OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce

CVE-2026-41389 — OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can...

vulnerabilityCVEmedium-severitycwe-73
/SCW Vulnerability Desk /MEDIUM /5.8 /⚑ 2 IOCs /⚙ 3 Sigma