CVE-2026-23777
Information Exposure in Dell PowerProtect Data Domain DD OS
Publication date: 2026-04-17
Last updated on: 2026-05-05
Assigner: Dell
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | powerprotect_data_domain | From 8.3.1.0 (inc) to 8.3.1.20 (inc) |
| dell | powerprotect_data_domain | From 7.13.1.0 (inc) to 7.13.1.50 (inc) |
| dell | data_domain_operating_system | From 7.7.1.0 (inc) to 8.5.0.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) in certain versions. It allows a low privileged attacker with remote access to potentially expose sensitive information without authorization.
How can this vulnerability impact me? :
If exploited, this vulnerability could lead to unauthorized exposure of sensitive information. This means that an attacker with limited privileges and remote access might be able to access confidential data that should otherwise be protected.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability involves the exposure of sensitive information to an unauthorized actor, which could potentially impact compliance with data protection regulations such as GDPR and HIPAA. Unauthorized disclosure of sensitive data may lead to violations of these standards, which require strict controls to protect personal and health information.
However, specific details on how this vulnerability affects compliance with these regulations are not provided in the available information.