CVE-2026-49815
High (CVSS 7.2)
Summary
Dell PowerProtect Data Domain in multiple versions contains an OS command injection vulnerability. A high-privileged attacker with remote access could exploit this flaw to execute arbitrary OS commands.
Risk Assessment
Successful exploitation could result in full compromise of the Data Domain appliance, potentially breaching the integrity and confidentiality of backup data and disrupting service.
Recommendation
Update Dell PowerProtect Data Domain to the latest patched version immediately, and restrict network access to management interfaces to trusted hosts only.
Original NVD description (English source)
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to execution of arbitrary OS commands.

