CVE-2026-49813
Dell PowerProtect Data Domain OS Command Injection
Description
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution.
INFO
Published Date :
July 3, 2026, 2:18 p.m.
Last Modified :
July 3, 2026, 2:18 p.m.
Remotely Exploit :
No
Source :
dell
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | MEDIUM | c550e75a-17ff-4988-97f0-544cde3820fe | ||||
| CVSS 3.1 | MEDIUM | [email protected] |
Solution
- Apply the latest vendor patches for your Data Domain.
- Restrict local access for high-privileged accounts.
- Review system logs for suspicious activity.
- Validate system integrity after patching.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-49813 vulnerability anywhere in the article.