Critical Dell PowerProtect Vulnerability Allows Root Command Execution

/HIGH /CVSS 8.8/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitycwe-306
Critical Dell PowerProtect Vulnerability Allows Root Command Execution

The National Vulnerability Database has identified CVE-2026-26944, a critical vulnerability affecting Dell PowerProtect Data Domain. Versions 7.7.1.0 through 8.6, LTS2025 release 8.3.1.0 through 8.3.1.20, and LTS2024 release 7.13.1.0 through 7.13.1.60 are impacted by a missing authentication flaw in a critical function.

This vulnerability, rated HIGH with a CVSS score of 8.8, allows an unauthenticated remote attacker to achieve arbitrary command execution with root privileges. While exploitation requires an authenticated user to perform a specific action, the potential for privilege escalation is severe. Attackers could leverage this to gain full control of the backup infrastructure, potentially exfiltrating sensitive data or disrupting recovery operations.

Defenders must prioritize patching affected Dell PowerProtect Data Domain systems immediately. Organizations should also review access controls and audit logs for any suspicious activity, especially around critical functions that require authentication. This is not a vulnerability to ignore given the direct path to root access.

What This Means For You

  • If your organization uses Dell PowerProtect Data Domain, immediately verify your version against the affected ranges (7.7.1.0-8.6, LTS2025 8.3.1.0-8.3.1.20, LTS2024 7.13.1.0-7.13.1.60) and apply necessary patches or vendor-provided mitigations. Review access logs for any anomalies.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1078.004 Abuse Elevation Control Mechanism: Sudo and Sudo Configuration Privilege Escalation T1207 Vulnerability Exploitation Initial Access

🛡️ Detection Rules

1 rule · 6 SIEM formats

1 detection rule mapped to MITRE ATT&CK. Sigma YAML is free — copy below.

critical T1190 Initial Access

CVE-2026-26944 - Dell PowerProtect Root Command Execution via Missing Authentication

Sigma YAML — free preview

Indicators of Compromise

IDTypeIndicator
CVE-2026-26944 Vulnerability CVE-2026-26944

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 20, 2026 at 19:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related Posts

CVE-2026-6662: Open CORS Policy in copilot-api Exposes Token Endpoint

CVE-2026-6662 — A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the...

vulnerabilityCVEhigh-severitycwe-346cwe-942
/SCW Vulnerability Desk /HIGH /7.3 /⚑ 3 IOCs /⚙ 2 Sigma

KissFFT Integer Overflow: Heap Corruption Risk in Signal Processing

CVE-2026-41445 — KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit...

vulnerabilityCVEhigh-severitybuffer-overflowcwe-122cwe-190
/SCW Vulnerability Desk /HIGH /8.8 /⚑ 4 IOCs /⚙ 3 Sigma

CVE-2026-35154 — IDRAC. A High Privileged Attacker With Local Access Vulnerability

CVE-2026-35154 — Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an...

vulnerabilityCVEmedium-severitycwe-269
/SCW Vulnerability Desk /MEDIUM /6.3 /⚑ 2 IOCs /⚙ 2 Sigma