GHSA-xgpm-2v6j-vx8q

GHSA-xgpm-2v6j-vx8q PUBLISHED CVSS 6.699999809265137 MEDIUM

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS Command Injection vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

Risk Scores

CVSS v3.1

6.699999809265137

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Timeline

Apr 17, 2026 CVE Published
Apr 18, 2026 Security Advisory

References

https://nvd.nist.gov/vuln/detail/CVE-2026-35074 advisory
https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities url

Open in Interactive Console →