CVE-2026-44268
Received
Received - Intake
Incorrect Permission Assignment in Dell PowerProtect Data Domain
Vulnerability report for CVE-2026-44268, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-03
Last updated on: 2026-07-03
Assigner: Dell
Description
Description
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permission Assignment for critical resource vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | powerprotect_data_domain | From 7.7.1.0 (inc) to 8.6 (inc) |
| dell | powerprotect_data_domain | From 8.6.1.0 (inc) to 8.6.1.10 (inc) |
| dell | powerprotect_data_domain | From 8.3.1.0 (inc) to 8.3.1.30 (inc) |
| dell | powerprotect_data_domain | From 7.13.1.0 (inc) to 7.13.1.70 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |