CVE-2026-26354
Received
Received - Intake
Stack-Based Buffer Overflow in Dell PowerProtect DD OS Enables Remote Code Execution
Publication date: 2026-04-22
Last updated on: 2026-04-27
Assigner: Dell
Description
Description
Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | powerprotect_dp_series_appliance | to 2.7.9 (exc) |
| dell | data_domain_operating_system | From 7.14.0.0 (inc) to 8.3.1.20 (exc) |
| dell | data_domain_operating_system | From 7.7.1.0 (inc) to 7.13.1.60 (exc) |
| dell | data_domain_operating_system | From 8.4.0.0 (inc) to 8.6.1.10 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
