CVE-2026-26951
Received
Received - Intake
Stack-Based Buffer Overflow in Dell PowerProtect Enables Root Execution
Publication date: 2026-04-20
Last updated on: 2026-04-28
Assigner: Dell
Description
Description
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | powerprotect_dp_series_appliance | to 2.7.9 (exc) |
| dell | data_domain_operating_system | From 7.7.1.0 (inc) to 7.13.1.70 (exc) |
| dell | data_domain_operating_system | From 8.4.0.0 (inc) to 8.6.1.0 (exc) |
| dell | data_domain_operating_system | From 8.3.1.0 (inc) to 8.3.1.30 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
