High

OS Command Injection in Dell PowerProtect Data Domain DD OS

IdentifiersCVE-2026-26943CWE-78· Improper Neutralization of Special…

CVE-2026-26943 is an OS command injection vulnerability in Dell PowerProtect Data Domain products running Data Domain Operating System (DD OS), including Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center. The issue is classified as CWE-78 and is described as insufficient sanitization or neutralization of attacker-controlled input before it is passed to an operating system command execution context within DD OS. A remote attacker with high privileges can exploit the flaw without user interaction to execute arbitrary commands as root on the underlying system. Reported affected versions include DD OS mainline releases 7.7.1.0 through 8.6.0.0/8.6, LTS2025 releases 8.3.1.0 through 8.3.1.20, and LTS2024 releases 7.13.1.0 through 7.13.1.60.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation results in arbitrary command execution with root privileges on the affected Data Domain system. This gives the attacker full control over the appliance or virtual instance, with high-impact compromise of confidentiality, integrity, and availability. An attacker could read, modify, or delete protected data, alter backup and replication workflows, disrupt backup and recovery operations, impair ransomware recovery readiness, and potentially use the compromised system as a pivot point within the environment.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict network exposure of Data Domain management interfaces to trusted administrative networks only, enforce strong control and monitoring of high-privilege accounts, and minimize the number of users with administrative access. Segment backup infrastructure from general-purpose networks, monitor for suspicious command execution or anomalous administrative activity on DD OS systems, and review for possible credential compromise. These measures reduce exposure but do not eliminate the underlying vulnerability; vendor updates are required for full remediation.

Remediation

Patch, then assume compromise.

Upgrade affected systems to Dell-remediated versions. For DD OS mainline/feature releases, upgrade to 8.6.1.10, 8.7.0.0, or later as applicable. For DD OS LTS2025, upgrade to 8.3.1.30 or later. For DD OS LTS2024, upgrade to 7.13.1.70 or later. For PowerProtect DP Series Appliance, upgrade to version 2.7.9, which includes DD OS 8.3.1.30. Apply Dell advisory DSA-2026-060 guidance across all affected product families.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Dell TechnologiesData Domain Operating Systemoperating_system

Dell TechnologiesPowerprotect Data Domainapplication

Dell TechnologiesPowerprotect Dp Series Applianceapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app

zeropath blogNews

Apr 20, 2026

Brief Summary: Dell PowerProtect Data Domain CVE-2026-26943 OS Command Injection Leading to Root Execution - ZeroPath Blog | ZeroPath

A root-level OS command injection vulnerability in Dell PowerProtect Data Domain that allows an attacker with high-privilege administrative access to achieve remote root command execution without user interaction.

zeropath blogNews

Apr 17, 2026

Brief Summary: Dell PowerProtect Data Domain CVE-2026-23778 Command Injection Enabling Root Access - ZeroPath Blog | ZeroPath

An OS command injection vulnerability in Dell PowerProtect Data Domain that could allow a high-privileged remote attacker to execute arbitrary commands with root privileges.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-26943

NVD

nvd.nist.gov/vuln/detail/CVE-2026-26943

MITRE CWE · CWE-78

Improper Neutralization of Special Elements…

Vendor Advisory

dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities