Platform
dell
Component
dell-powerprotect-datadomain
Fixed in
8.6.0.0
8.3.1.20
7.13.1.50
CVE-2026-23779 describes a command injection vulnerability discovered in Dell PowerProtect Data Domain. This flaw allows a high-privileged attacker with local access to potentially escalate privileges and gain root-level control over the system. The vulnerability impacts versions 7.7.1.0 through 8.5, LTS2025 versions 8.3.1.0 through 8.3.1.20, and LTS2024 versions 7.13.1.0 through 7.13.1.50. Dell recommends upgrading to version 8.6.0.0 or later to address this security concern.
Successful exploitation of CVE-2026-23779 could grant an attacker root-level access to the affected Dell PowerProtect Data Domain system. This level of access provides complete control over the system, enabling the attacker to modify data, install malicious software, disrupt operations, and potentially pivot to other systems within the network. The impact is particularly severe given the Data Domain's role in data protection and backup, as an attacker could compromise sensitive data and disrupt recovery processes. The ability to gain root access mirrors the potential impact of other privilege escalation vulnerabilities, allowing for broad and unrestricted system control.
CVE-2026-23779 was publicly disclosed on 2026-04-17. Currently, there are no known public exploits or active campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog as of this writing. The potential for exploitation remains, especially given the ease of local access required, and organizations should prioritize patching to mitigate the risk.
Exploit Status
EPSS
0.01% (3% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-23779 is to upgrade Dell PowerProtect Data Domain to version 8.6.0.0 or later, as this version contains the necessary fix. If an immediate upgrade is not feasible, consider restricting local access to the Data Domain appliance to only authorized personnel. Implement strong authentication and access controls to minimize the risk of a high-privileged attacker exploiting the vulnerability. While a direct WAF rule is unlikely to be effective against this type of vulnerability, reviewing and hardening the system's configuration to minimize potential attack vectors is recommended. After upgrading, verify the fix by attempting to execute commands through vulnerable interfaces and confirming that they are properly sanitized.
Dell has released a security update (DSA-2026-060) for PowerProtect Data Domain that addresses this command injection vulnerability. It is recommended to apply the update to version 8.6.0.0 or later, or to the versions specified in the Dell security advisory.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-23779 is a command injection vulnerability affecting Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6.0.0, allowing local attackers to gain root access.
You are affected if your Dell PowerProtect Data Domain is running versions 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.20, or LTS2024 7.13.1.0–7.13.1.50.
Upgrade to Dell PowerProtect Data Domain version 8.6.0.0 or later to remediate the vulnerability. Restrict local access as an interim measure.
As of now, there are no known public exploits or active campaigns targeting CVE-2026-23779, but the potential for exploitation remains.
Refer to the official Dell Security Advisory for CVE-2026-23779 on the Dell Support website (search for the advisory ID related to this CVE).
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.