CVE-2026-23776
Improper Certificate Validation in Dell DD OS Enables Privilege Escalation
Publication date: 2026-04-17
Last updated on: 2026-04-20
Assigner: Dell
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | powerprotect_dp_series_appliance | to 2.7.9 (exc) |
| dell | data_domain_operating_system | From 8.4.0.0 (inc) to 8.6.0.0 (exc) |
| dell | data_domain_operating_system | From 7.14.0.0 (inc) to 8.3.1.30 (exc) |
| dell | data_domain_operating_system | From 7.7.1.0 (inc) to 7.13.1.70 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions from 7.7.1.0 through 8.5, including certain LTS2025 and LTS2024 release versions. It is an Improper Certificate Validation vulnerability related to certificate-based login.
A low privileged attacker who has remote access could exploit this flaw to elevate their privileges on the affected system.
How can this vulnerability impact me?
Exploitation of this vulnerability could allow an attacker with low privileges and remote access to gain higher privileges on the system.
This elevation of privileges could lead to unauthorized access to sensitive data, modification of system configurations, or disruption of services.