CVE Catalog

CVE-2026-44268

MediumCVSS 4.4
Published: Translated: NVD NIST

Summary

A vulnerability in Dell PowerProtect Data Domain involves incorrect permission assignment for a critical resource. This flaw could be exploited by a local attacker with high privileges, leading to unauthorized access.

Risk Assessment

The risk involves potential privilege escalation by a privileged attacker, which could result in control over critical system resources and compromise data confidentiality.

Recommendation

It is recommended to immediately apply security patches provided by the vendor for affected versions and restrict local system access to trusted administrators only.

Original NVD description (English source)

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permission Assignment for critical resource vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS