{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22761", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-01-09T18:05:08.763Z", "datePublished": "2026-04-20T16:39:40.268Z", "dateUpdated": "2026-04-20T18:00:41.131Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-20T16:39:40.268Z"}, "datePublic": "2026-04-15T18:30:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}], "affected": [{"vendor": "Dell", "product": "PowerProtect Data Domain", "versions": [{"status": "affected", "version": "0", "lessThan": "8.6.1.10, 8.7.0.0 or later", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "2.7.9 with DD OS 8.3.1.30", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges."}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Dell would like to thank brocked200 (Nguyen Quoc Khanh) for reporting these issues.", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-20T17:59:04.742966Z", "id": "CVE-2026-22761", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T18:00:41.131Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22761", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-20T17:59:04.742966Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T18:00:30.415Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Dell would like to thank brocked200 (Nguyen Quoc Khanh) for reporting these issues."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "PowerProtect Data Domain", "versions": [{"status": "affected", "version": "0", "lessThan": "8.6.1.10, 8.7.0.0 or later", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "2.7.9 with DD OS 8.3.1.30", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-04-15T18:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.", "supportingMedia": [{"type": "text/html", "value": "Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-04-20T16:39:40.268Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22761", "state": "PUBLISHED", "dateUpdated": "2026-04-20T18:00:41.131Z", "dateReserved": "2026-01-09T18:05:08.763Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-04-20T16:39:40.268Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges."}], "id": "CVE-2026-22761", "lastModified": "2026-04-20T19:05:30.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-04-20T17:16:31.053", "references": [{"source": "security_alert@emc.com", "url": "https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,8.6.1.10)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.7.9)"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "PowerProtect Data Domain", "source": "cna", "vendor": "Dell"}, "product": "powerprotect_data_domain", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-04-20T18:36:43.958466+00:00", "value": {"mitigation_remediation": ["Apply the Dell DSA\u20112026\u2011060 security update for PowerProtect Data Domain to patch the command injection flaw.", "Limit remote network access to the PowerProtect appliance by enforcing firewalls, VPNs, and least\u2011privilege account policies.", "Enable logging and continuous monitoring of system commands and privilege\u2011elevating activities to detect anomalous behavior."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Dell PowerProtect Data Domain, affected directly by versions 8.5, 8.5.1, 8.6, and any minor revisions released with the same code base.", "description_and_impact": "Dell PowerProtect Data Domain versions 8.5 through 8.6 contain a command injection flaw that allows a high\u2011privileged attacker with remote access to run arbitrary commands as root. The vulnerability stems from unsanitized input being included in a shell command, which can be exploited to execute any code the attacker wishes, compromising confidentiality, integrity, and availability of the affected system.", "risk_and_exploitability": "The CVSS score of 6.7 indicates a moderate\u2011to\u2011high severity. EPSS information is not available, and the vulnerability is not currently listed in the CISA KEV catalog. The likely attack vector involves a remote attacker who already has privileged network access to the PowerProtect appliance; from that position an attacker can submit crafted requests that trigger the command injection and obtain root privileges."}}}}, "created": "2026-04-20T18:30:13.810569+00:00", "title": "Command Injection in Dell PowerProtect Data Domain Enabling Remote Root Execution", "updated": "2026-04-20T18:45:14.224883+00:00", "vendors": ["dell", "dell$PRODUCT$powerprotect_data_domain"]}