Platform: dell
Component: dell-powerprotect-datadomain
Fixed in: 8.6.0.0, 8.3.1.20, 7.13.1.50
CVE-2026-23778 describes a command injection vulnerability discovered in Dell PowerProtect Data Domain. This flaw allows a remote, high-privileged attacker to potentially escalate privileges and gain root-level access to the system. The vulnerability affects versions 7.7.1.0 through 8.5, LTS2025 versions 8.3.1.0 through 8.3.1.20, and LTS2024 versions 7.13.1.0 through 7.13.1.50. Dell recommends upgrading to version 8.6.0.0 or later to mitigate this risk.
Successful exploitation of CVE-2026-23778 could grant an attacker complete control over the affected Dell PowerProtect Data Domain system. This includes the ability to read, modify, and delete data, install malicious software, and potentially pivot to other systems on the network. Given the critical nature of Data Domain appliances in data protection and recovery, a compromise could lead to significant data loss, business disruption, and reputational damage. The ability to gain root access bypasses standard security controls, making it a particularly dangerous vulnerability. The potential for lateral movement from the compromised Data Domain appliance to other systems within the network significantly expands the blast radius of a successful attack.
CVE-2026-23778 was publicly disclosed on 2026-04-17. Its inclusion on the CISA KEV catalog is pending. Currently, there are no publicly available proof-of-concept exploits, but the command injection nature of the vulnerability suggests a moderate likelihood of exploitation once a PoC is developed. The vulnerability's impact, combined with the potential for remote exploitation, warrants careful attention and prompt remediation.
Exploit Status
EPSS: 0.04% (14th percentile)
The primary mitigation for CVE-2026-23778 is to upgrade Dell PowerProtect Data Domain to version 8.6.0.0 or later, as this release contains the necessary fix. If immediate upgrading is not feasible, consider implementing network segmentation to limit the potential impact of a successful exploit. Restrict access to the Data Domain appliance to only authorized personnel and enforce strong authentication mechanisms. Monitor system logs for suspicious activity, particularly commands executed by privileged users. While a WAF or proxy cannot directly prevent command injection, it can be configured to detect and block known malicious patterns. There are no specific Sigma or YARA rules available at this time, but monitoring for unusual process executions and file modifications is recommended.
Dell has published a security advisory (DSA-2026-060) that provides firmware updates to mitigate this vulnerability. Apply the latest available firmware update for your PowerProtect Data Domain model to eliminate the risk of command injection.
CVE-2026-23778 is a command injection vulnerability affecting Dell PowerProtect Data Domain versions 7.7.1.0–8.6.0.0, allowing remote attackers to potentially gain root access.
You are affected if you are running Dell PowerProtect Data Domain versions 7.7.1.0 through 8.5, LTS2025 versions 8.3.1.0 through 8.3.1.20, or LTS2024 versions 7.13.1.0 through 7.13.1.50.
Upgrade Dell PowerProtect Data Domain to version 8.6.0.0 or later to resolve the vulnerability. Implement network segmentation and restrict access as interim measures.
Currently, there are no publicly confirmed exploits, but the vulnerability's nature suggests a potential for exploitation.
Refer to the official Dell Security Advisory for CVE-2026-23778 on the Dell Support website.