External risk intelligence

Dell PowerProtect Data Domain can be compromised remotely to execute commands

CVE advisory

Severity: CRITICAL (CVSS 9.8)

CVE-2026-26354

An external attacker could gain full administrative control over Dell PowerProtect Data Domain systems by sending specific network requests. This exposes critical backup data to potential theft, tampering, or disruption, threatening the integrity of enterprise data protection.

2 Halo Surface Signal

Out-of-bounds Write

Dell PowerProtect DP Series Appliance

  • before 2.7.9
  • 7.7.1.0 to before 7.13.1.60
  • 7.14.0.0 to before 8.3.1.20
  • 8.4.0.0 to before 8.6.1.10

External exposure likelihood

Halo Surface Signal score for CVE-2026-26354

Dell PowerProtect Data Domain systems are enterprise backup appliances typically deployed within protected internal networks or management segments. They are not designed to be internet-facing, and secure deployment requires restricting access to trusted networks. While network-reachable within an organization, public internet exposure is uncommon for this type of infrastructure.

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability in Dell PowerProtect Data Domain systems could allow an attacker to run commands on the system remotely. This is a serious issue because it could lead to unauthorized control of your backup data infrastructure.

  • Can lead to full system compromise.
  • Affects critical data protection systems.
  • Requires remote access to exploit.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker with network access could exploit this stack-based buffer overflow to gain arbitrary command execution on vulnerable Dell PowerProtect Data Domain systems. This could allow an attacker to compromise the entire backup infrastructure, potentially leading to data theft or further network penetration.

  • Remote, unauthenticated access required.
  • Target: Network service on DD OS.
  • Precondition: Network segmentation allows access.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability in Dell PowerProtect Data Domain OS presents a significant risk of arbitrary command execution for unauthenticated attackers. Given the critical nature of backup systems, attackers would likely prioritize targeting them to disrupt operations or gain a foothold. However, exploitation is expected to be limited to environments where the systems are directly accessible.

  • No public exploits observed.
  • KEV listing not present.
  • Vulnerability is relatively new.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize patching Dell PowerProtect Data Domain Operating System (DD OS) to address a critical buffer overflow vulnerability. This vulnerability could allow unauthenticated remote attackers to execute arbitrary commands, posing a significant risk to data integrity and system control. Until patching is complete, focus on network segmentation and strict access controls.

  • Apply DD OS version 8.6.2.10 or later, or 8.3.1.11 or later, or 7.13.1.61 or later.
  • Restrict network access to management interfaces.
  • Monitor for unusual command execution.

Frequently asked questions

What is Dell PowerProtect Data Domain and DD OS?

Dell PowerProtect Data Domain is an enterprise backup appliance, and DD OS is its operating system. These systems are used for data protection, managing and safeguarding backups for organizations.

What is the weakness class for CVE-2026-26354?

CVE-2026-26354 is a stack-based buffer overflow vulnerability. This type of weakness occurs when a program writes data beyond the allocated buffer on the stack, potentially overwriting adjacent memory and leading to unintended behavior or code execution.

How can an attacker trigger this vulnerability?

An unauthenticated attacker with remote network access to the vulnerable system can trigger this vulnerability. The vulnerability is not triggered if network segmentation prevents remote access or if the system is not running a vulnerable version of DD OS.

Who should care about CVE-2026-26354?

Organizations using Dell PowerProtect Data Domain systems should care. Halo Surface Signal indicates these systems are typically internal and not internet-facing, suggesting the risk is primarily within an organization's network rather than from external internet threats.

What's a first step to respond to this threat?

The immediate first step is to apply the necessary updates to Dell PowerProtect Data Domain Operating System (DD OS) to versions 8.6.2.10, 8.3.1.11, or 7.13.1.61 or later. Additionally, ensure network access to management interfaces is strictly controlled and monitored.
