CVE Catalog

CVE-2026-41123

MediumCVSS 4.3
Published: Translated: NVD NIST

Summary

Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6, LTS2026 release 8.6.1.0 through 8.6.1.10, LTS2025 release 8.3.1.0 through 8.3.1.30, and LTS2024 release 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in RBAC. A low privileged attacker with remote access could exploit this vulnerability to tamper with information.

Risk Assessment

The risk involves potential unauthorized data modification by an attacker, which could compromise the integrity of information stored in the backup system.

Recommendation

It is recommended to immediately apply security patches provided by the vendor for the affected Dell PowerProtect Data Domain versions.

Original NVD description (English source)

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS