CVE Catalog

CVE-2026-41124

LowCVSS 2.3
Published: Translated: NVD NIST

Summary

A path traversal vulnerability in Dell PowerProtect Data Domain allows a high-privileged attacker with local access to bypass path restrictions and potentially disclose sensitive information.

Risk Assessment

The risk involves potential exposure of confidential data by an attacker with administrative privileges, which could lead to leakage of critical organizational information.

Recommendation

Immediately update Dell PowerProtect Data Domain to the latest patched version and restrict local access to trusted users only.

Original NVD description (English source)

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS