Dell PowerProtect Data Domain OS and PowerDNS Flaws Prompt New dCERT Alerts
dCERT issued multiple advisories for Dell PowerProtect Data Domain OS and PowerDNS, highlighting newly tracked security flaws across both products. For Dell backup appliances, advisory 2026-1097 reported multiple vulnerabilities in PowerProtect Data Domain OS, followed by advisory 2026-1218, which specifically warned that a vulnerability in the platform could allow code execution.
dCERT also published two separate advisories on PowerDNS—2026-1204 and 2026-1215—each describing multiple vulnerabilities affecting the DNS software. The notices indicate a concentrated wave of disclosures affecting enterprise backup infrastructure and DNS services, with the Dell issue standing out because of its potential to let attackers execute code on vulnerable systems.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
dCERT republishes or updates PowerDNS multiple vulnerabilities advisory
dCERT published Advisory 2026-1215 on PowerDNS multiple vulnerabilities one day after Advisory 2026-1204. Based on the identical topic and lack of added detail, this is best treated as a follow-on publication or update rather than a separate underlying vulnerability event.
dCERT publishes Dell PowerProtect Data Domain OS code execution advisory
dCERT issued Advisory 2026-1218 for Dell PowerProtect Data Domain OS describing a vulnerability that allows code execution. This appears as a new advisory distinct from the earlier multiple-vulnerabilities notice.
dCERT publishes PowerDNS multiple vulnerabilities advisory
dCERT published Advisory 2026-1204 covering multiple vulnerabilities in PowerDNS. No additional synopsis details are provided in the reference.
dCERT publishes Dell PowerProtect Data Domain OS vulnerability advisory
dCERT issued Advisory 2026-1097 for Dell PowerProtect Data Domain OS, warning of multiple vulnerabilities affecting the product. The reference does not provide further technical details in the synopsis.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
dCERT - Advisory 2026-1218 - Dell PowerProtect Data Domain OS: Vulnerability allows code execution
dcert.de
Open sourcedCERT - Advisory 2026-1215 - PowerDNS: Multiple Vulnerabilities
dcert.de
Open sourcedCERT - Advisory 2026-1204 - PowerDNS: Multiple Vulnerabilities
dcert.de
Open sourcedCERT - Advisory 2026-1097 - Dell PowerProtect Data Domain OS: Multiple Vulnerabilities
dcert.de
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Dell PowerProtect Data Domain Flaws Expose Systems to Unauthorized Access and Root RCE
Dell disclosed two high-severity vulnerabilities in **PowerProtect Data Domain** appliances running multiple **DD OS** releases, including a weak-credentials flaw tracked as `CVE-2026-23853` and a missing-authentication issue tracked as `CVE-2026-26944`. The weak-credentials vulnerability affects Feature Release versions **7.7.1.0 through 8.5**, **LTS2025 8.3.1.0 through 8.3.1.20**, and **LTS2024 7.13.1.0 through 7.13.1.50**, and could allow an unauthenticated attacker with local access to gain unauthorized access to the system. The issue is classified as **CWE-1391** and carries a **CVSS v3.1** score vector of `AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`. Dell also reported `CVE-2026-26944`, a **missing authentication for critical function** flaw classified as **CWE-306**, which could allow an unauthenticated remote attacker to execute arbitrary commands with **root privileges** if an authenticated user performs a specific action. That vulnerability is rated with the **CVSS v3.1** vector `AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`. Both issues were referenced in Dell security guidance, including advisory **`DSA-2026-060`**, and affect backup infrastructure that may be critical to recovery operations, making remediation and version review a priority for defenders.
Apr 20, 2026
Dell Issues Security Advisories for PowerEdge, PowerProtect, Connectrix, and Networking Products
Dell released multiple security advisories covering vulnerabilities across a broad set of enterprise infrastructure products, and the Canadian Centre for Cyber Security urged organizations to review the notices and apply updates. The affected technologies span storage, networking, data protection, and server platforms, including **Connectrix Switches and Directors**, **AMD-based PowerEdge Servers**, **Dell Command | Update** versions prior to `5.7.0`, **PowerProtect Data Domain**, and **Dell Storage Manager - Replay Manager for Microsoft Servers** versions prior to `8.0.3`. Additional advisories also affected **Data Protection Advisor**, **Dell EMC Isilon OneFS**, **Dell EMC PowerScale**, **Dell Networking OS10**, **PowerProtect DP Series Appliance**, **Elastic Cloud Storage**, **ObjectScale**, and several **PowerSwitch** models. The Canadian notice linked Dell advisories including `DSA-2026-041`, `DSA-2026-171`, `DSA-2026-058`, and `DSA-2026-190`, and characterized the activity as a vendor patch and mitigation effort rather than evidence of active exploitation.
May 11, 2026
Dell Patches Critical Authentication and Command Injection Flaws Across Storage Products
Dell disclosed multiple high-severity vulnerabilities affecting enterprise storage and backup platforms, including **PowerProtect Data Domain**, **Storage Manager**, and **Unity**. In PowerProtect Data Domain, **CVE-2026-26944** allows unauthenticated remote attackers to reach a privileged function and potentially execute commands as `root` if a legitimate user performs a specific action, while **CVE-2026-26943** and **CVE-2026-23778** enable root-level command execution for attackers with high privileges. Dell said the issues affect several DD OS release tracks, Data Domain Virtual Edition, APEX Protection Storage, Data Domain Management Center, and PowerProtect DP Series appliances, and released fixes through advisory **DSA-2026-060**, adding that it had no indication of active exploitation. Dell also issued critical updates for other storage lines. **Dell Storage Manager** vulnerabilities **CVE-2025-43994** and **CVE-2025-43995** expose management functions and APIs to unauthenticated remote access or authentication bypass, potentially affecting all storage arrays managed by a vulnerable instance; Dell’s advisory **DSA-2025-393** recommends upgrading to **2020 R1.22** or later. In **Dell Unity**, **CVE-2025-36604** permits unauthenticated remote OS command injection, while **CVE-2025-36606** and **CVE-2025-36607** allow authenticated attackers to escape restricted utilities and run commands as `root`; Dell remediated those flaws in **Unity OE 5.5.1** and later. The disclosures highlight elevated risk to backup integrity, storage administration, and ransomware recovery operations if exposed management interfaces remain unpatched.
Jun 12, 2026