CVE-2026-22269
Improper Verification Vulnerability in Dell PowerProtect API Enables Bypass
Publication date: 2026-02-19
Last updated on: 2026-02-20
Assigner: Dell
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | powerprotect_data_manager | to 19.22 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-940 | The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Dell PowerProtect Data Manager versions prior to 19.22 have a vulnerability in their REST API related to improper verification of the source of a communication channel.
This means that a highly privileged attacker with remote access could exploit this flaw to bypass protection mechanisms.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow a high privileged remote attacker to bypass protection mechanisms in Dell PowerProtect Data Manager.
This could lead to unauthorized actions or access within the system, potentially compromising data integrity, confidentiality, and availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know