CVE Catalog

CVE-2026-56085

LowCVSS 3.3
Published: Translated: NVD NIST

Summary

A vulnerability in Dell PowerProtect Data Domain involves the use of an uninitialized resource. A low-privileged attacker with local access could exploit this flaw, leading to information exposure.

Risk Assessment

The risk for the organization includes potential leakage of sensitive data stored in the Data Domain system, which could compromise information security and regulatory compliance.

Recommendation

It is recommended to immediately update Dell PowerProtect Data Domain to the latest available version that includes a fix for this vulnerability, following the vendor's guidance.

Original NVD description (English source)

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of uninitialized resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS