CVE-2026-22266
Improper Verification Vulnerability in Dell PowerProtect REST API
Publication date: 2026-02-19
Last updated on: 2026-02-20
Assigner: Dell
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | powerprotect_data_manager | to 19.22 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-146 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as expression or command delimiters when they are sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Dell PowerProtect Data Manager versions prior to 19.22. It is an Improper Verification of Source of a Communication Channel issue in the REST API. Essentially, a high privileged attacker with remote access could exploit this flaw to bypass protection mechanisms.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow a high privileged remote attacker to bypass protection mechanisms in Dell PowerProtect Data Manager. This could lead to unauthorized actions or access within the system, potentially compromising data integrity, confidentiality, and availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know