CVE-2026-46464
MediumCVSS 4.9Summary
Dell PowerProtect Data Domain in multiple versions contains an improper link resolution before file access vulnerability. It allows a high privileged attacker with remote access to disclose sensitive information.
Risk Assessment
The risk involves potential leakage of sensitive data stored in the Data Domain system, which could compromise the confidentiality of organizational information.
Recommendation
It is recommended to immediately apply security patches provided by Dell for affected versions and restrict remote access to the system to trusted administrators only.
Original NVD description (English source)
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

