Dell PowerProtect DD OS Vulnerability Exposes Data to Remote Command Execution

The National Vulnerability Database has disclosed CVE-2026-26354, a critical stack-based buffer overflow vulnerability affecting Dell PowerProtect Data Domain systems running specific versions of DD OS. This flaw impacts Feature Release versions from 7.7.1.0 through 8.6, and LTS releases 8.3.1.0 through 8.3.1.10 and 7.13.1.0 through 7.13.1.60. An unauthenticated attacker with remote access could leverage this vulnerability to execute arbitrary commands on the affected systems.

This vulnerability presents a significant risk to organizations relying on Dell PowerProtect for data protection. Successful exploitation could lead to complete system compromise, allowing attackers to exfiltrate sensitive data, disrupt backup operations, or use the compromised system as a pivot point into the broader network. Given the CVSS score of 8.1 (HIGH) and the potential for arbitrary command execution, prompt patching is imperative.

What This Means For You

  • If your organization utilizes Dell PowerProtect Data Domain systems, immediately verify your DD OS version against the affected ranges (7.7.1.0-8.6, 8.3.1.0-8.3.1.10, 7.13.1.0-7.13.1.60) and apply the latest available patches or mitigations. Prioritize systems exposed to the network.
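The version check described above can be scripted across an inventory. This is an added example, not code from Dell, NVD or this page's source: the host names and version strings are constructed, and the `major.minor.patch.build[-number]` string format is an assumption. It also assumes that a build on an LTS train is judged only against its LTS range, and that "through 8.6" covers every 8.6.x build.

```python
import re

# Ranges exactly as listed on this page for CVE-2026-26354.
LTS_RANGES = {
    (8, 3, 1): ((8, 3, 1, 0), (8, 3, 1, 10)),     # LTS2025
    (7, 13, 1): ((7, 13, 1, 0), (7, 13, 1, 60)),  # LTS2024
}
FEATURE_LOW = (7, 7, 1, 0)
FEATURE_HIGH = (8, 6)  # assumption: "through 8.6" covers every 8.6.x.y build

# Assumed string format: four dotted numbers, optional "-<build number>" suffix.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-\d+)?")


def parse_version(text):
    """Parse a DD OS version string into a 4-tuple of ints."""
    m = VERSION_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised DD OS version: {text!r}")
    return tuple(int(part) for part in m.groups())


def in_listed_range(text):
    """True if the version falls inside a range this page lists as affected."""
    v = parse_version(text)
    lts = LTS_RANGES.get(v[:3])
    if lts is not None:
        # Assumption: an LTS-train build is judged only against its LTS range,
        # even though it also sits numerically between 7.7.1.0 and 8.6.
        return lts[0] <= v <= lts[1]
    return v >= FEATURE_LOW and v[:2] <= FEATURE_HIGH


def triage(inventory):
    """Return the hosts whose version is in a listed range, sorted by name."""
    return sorted(h for h, ver in inventory.items() if in_listed_range(ver))


# Constructed inventory (hypothetical hosts and versions, not real systems).
INVENTORY = {
    "dd-backup-01": "7.13.1.30-1051234",
    "dd-backup-02": "7.13.1.70",
    "dd-vault-01": "8.3.1.10",
    "dd-vault-02": "8.6.0.0",
    "dd-lab-01": "7.7.0.5",
}

if __name__ == "__main__":
    for host in triage(INVENTORY):
        print(f"{host}: {INVENTORY[host]} is in a listed affected range")
```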

Detection Rules

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.

Dell PowerProtect DD OS Remote Command Execution Attempt - CVE-2026-26354 (severity: critical; ATT&CK T1190, Initial Access)

Indicators of Compromise

ID | Type | Indicator
CVE-2026-26354 | Buffer Overflow | Dell PowerProtect Data Domain with Domain Operating System (DD OS)
CVE-2026-26354 | Buffer Overflow | DD OS Feature Release versions 7.7.1.0 through 8.6
CVE-2026-26354 | Buffer Overflow | DD OS LTS2025 release version 8.3.1.0 through 8.3.1.10
CVE-2026-26354 | Buffer Overflow | DD OS LTS2024 release versions 7.13.1.0 through 7.13.1.60
CVE-2026-26354 | RCE | Arbitrary command execution via unauthenticated remote access

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 22, 2026 at 22:17 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
