CVE-2026-26951
Stack-Based Buffer Overflow in Dell PowerProtect Enables Root Execution
Publication date: 2026-04-20
Last updated on: 2026-04-28
Assigner: Dell
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | powerprotect_dp_series_appliance | to 2.7.9 (exc) |
| dell | data_domain_operating_system | From 7.7.1.0 (inc) to 7.13.1.70 (exc) |
| dell | data_domain_operating_system | From 8.4.0.0 (inc) to 8.6.1.0 (exc) |
| dell | data_domain_operating_system | From 8.3.1.0 (inc) to 8.3.1.30 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow found in Dell PowerProtect Data Domain software versions 7.7.1.0 through 8.6, including certain LTS2025 and LTS2024 release versions. It allows a highly privileged attacker with local access to exploit the flaw, potentially enabling them to execute arbitrary commands with root-level privileges on the affected system.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker with high privileges and local access to execute arbitrary commands as root. This means the attacker could take full control of the affected system, potentially leading to data compromise, system disruption, or further attacks within the network.