CVE-2026-41123
Received
Received - Intake
Improper Access Control in Dell PowerProtect Data Domain
Vulnerability report for CVE-2026-41123, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-03
Last updated on: 2026-07-03
Assigner: Dell
Description
Description
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | powerprotect_data_domain | From 7.7.1.0 (inc) to 8.6 (inc) |
| dell | powerprotect_data_domain | From 8.6.1.0 (inc) to 8.6.1.10 (inc) |
| dell | powerprotect_data_domain | From 8.3.1.0 (inc) to 8.3.1.30 (inc) |
| dell | powerprotect_data_domain | From 7.13.1.0 (inc) to 7.13.1.70 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |