CVE Catalog

CVE-2026-44269

MediumCVSS 4.4
Published: Translated: NVD NIST

Summary

Dell PowerProtect Data Domain in multiple versions contains an improper link resolution before file access vulnerability. It allows a high privileged attacker with local access to gain unauthorized access to the system.

Risk Assessment

The risk involves potential privilege escalation and unauthorized access to sensitive data by an attacker with already high privileges, which could compromise system confidentiality and integrity.

Recommendation

It is recommended to immediately update Dell PowerProtect Data Domain to the latest available version that fixes this vulnerability, following the vendor's guidance.

Original NVD description (English source)

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS