Platform
dell
Component
dell-powerprotect-datadomain
Fixed in
8.6.0.0
8.3.1.20
7.13.1.50
CVE-2026-23778 describes a command injection vulnerability discovered in Dell PowerProtect Data Domain. This flaw allows a remote, high-privileged attacker to potentially escalate privileges and gain root-level access to the system. The vulnerability affects versions 7.7.1.0 through 8.5, LTS2025 versions 8.3.1.0 through 8.3.1.20, and LTS2024 versions 7.13.1.0 through 7.13.1.50. Dell recommends upgrading to version 8.6.0.0 or later to mitigate this risk.
Successful exploitation of CVE-2026-23778 could grant an attacker complete control over the affected Dell PowerProtect Data Domain system. This includes the ability to read, modify, and delete data, install malicious software, and potentially pivot to other systems on the network. Given the critical nature of Data Domain appliances in data protection and recovery, a compromise could lead to significant data loss, business disruption, and reputational damage. The ability to gain root access bypasses standard security controls, making it a particularly dangerous vulnerability. The potential for lateral movement from the compromised Data Domain appliance to other systems within the network significantly expands the blast radius of a successful attack.
CVE-2026-23778 was publicly disclosed on 2026-04-17. Its inclusion on the CISA KEV catalog is pending. Currently, there are no publicly available proof-of-concept exploits, but the command injection nature of the vulnerability suggests a moderate likelihood of exploitation once a PoC is developed. The vulnerability's impact, combined with the potential for remote exploitation, warrants careful attention and prompt remediation.
Organizations heavily reliant on Dell PowerProtect Data Domain for data backup and recovery are particularly at risk. This includes those with legacy configurations or those who have not implemented robust access controls. Shared hosting environments utilizing Data Domain appliances are also vulnerable, as a compromise of one tenant could potentially impact others.
• linux / server:
journalctl -u dd-os -g 'command injection'
• linux / server:
ps aux | grep -i 'malicious_command'
• linux / server:
find / -perm -4000 -type f -print
• linux / server:
ssh -i /tmp/id_rsa root@<data_domain_ip> 'whoami'
Exploit status
EPSS
0.04% (14th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-23778 is to upgrade Dell PowerProtect Data Domain to version 8.6.0.0 or later, as this release contains the necessary fix. If immediate upgrading is not feasible, consider implementing network segmentation to limit the potential impact of a successful exploit. Restrict access to the Data Domain appliance to only authorized personnel and enforce strong authentication mechanisms. Monitor system logs for suspicious activity, particularly commands executed by privileged users. While a WAF or proxy cannot directly prevent command injection, it can be configured to detect and block known malicious patterns. There are no specific Sigma or YARA rules available at this time, but monitoring for unusual process executions and file modifications is recommended.
Dell has published a security advisory (DSA-2026-060) that provides firmware updates to mitigate this vulnerability. Apply the latest firmware update available for your PowerProtect Data Domain model to eliminate the risk of command injection.
CVE-2026-23778 is a command injection vulnerability affecting Dell PowerProtect Data Domain versions 7.7.1.0–8.6.0.0, allowing a remote, high-privileged attacker to potentially gain root access.
You are affected if you are running Dell PowerProtect Data Domain versions 7.7.1.0 through 8.5, LTS2025 versions 8.3.1.0 through 8.3.1.20, or LTS2024 versions 7.13.1.0 through 7.13.1.50.
Upgrade Dell PowerProtect Data Domain to version 8.6.0.0 or later to resolve the vulnerability. Implement network segmentation and restrict access as interim measures.
Currently, there are no publicly confirmed exploits, but the vulnerability's nature suggests a potential for exploitation.
Refer to the official Dell Security Advisory for CVE-2026-23778 on the Dell Support website.