CVE-2026-46465
MediumCVSS 5.5Summary
A vulnerability in Dell PowerProtect Data Domain allows a high-privileged attacker with remote access to exploit an externally-controlled format string. This could lead to information disclosure and denial of service.
Risk Assessment
The risk for the organization includes potential leakage of sensitive data and disruption of backup system operations, which may impact business continuity.
Recommendation
It is recommended to immediately update Dell PowerProtect Data Domain to the latest available version, following the vendor's guidance.
Original NVD description (English source)
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and denial of service.

