Critical Vulnerabilities in Dell PowerProtect Data Domain Expose Systems to Attacks

Critical Vulnerabilities in Dell PowerProtect Data Domain Expose Systems to Attacks

First seen 21 Apr 2026, 17:27 UTC Heise.Dewww.dell.com 70% similarity 72.6

Article Content

Browse articles
ThreatCluster

Dell PowerProtect Data Domain has been found vulnerable to multiple security issues, affecting its ability to protect data in on-premise and multi-cloud environments. A security advisory highlights vulnerabilities in components like Apache Commons FileUpload and OpenSSL, as well as critical vulnerabilities within the application itself. Attackers can exploit these vulnerabilities, including a DoS vulnerability (CVE-2025-48976) and a root security vulnerability (CVE-2026-26944) that allows remote code execution. The vulnerabilities have been classified with high threat levels, with several requiring immediate patching. Dell has released updates to address these issues in versions 7.13.1.70, 8.3.1.30, 8.6.1.10, and 8.7.0.1. As of now, there are no confirmed reports of exploitation, but the potential for attacks remains significant. Administrators are advised to patch their systems promptly to mitigate risks.

Key Points: • Multiple critical vulnerabilities in Dell PowerProtect Data Domain require urgent attention. • Attackers can exploit vulnerabilities for remote code execution and DoS attacks. • Dell has released patches for affected versions, but no exploitation has been confirmed yet.

ThreatCluster AI

Timeline

2017-05-23
CVE-2016-9840 published
2024-03-06
CVE-2024-2236 published
2024-10-16
CVE-2024-9143 published
2025-01-31
CVE-2025-0938 published
2025-04-02
CVE-2025-21993 published
2025-04-03
CVE-2025-22007 published
2025-04-03
CVE-2025-21996 published
2025-04-16
Multiple CVEs published, including CVE-2025-22027
2025-04-16
CVE-2025-22063 published
2025-04-16
CVE-2025-23136 published

Community

Browse all →