CVE-2026-35154
MEDIUM WAF: Low
CVSS 6.7
Published: 2026-04-20
CWE-269
Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges to access unauthorized delete operation.
WAF Coverage Analysis
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| dell | data_domain_operating_system | 7.13.1.0 - 7.13.1.70 |
| dell | data_domain_operating_system | 8.3.0.0 - 8.3.1.30 |
| dell | data_domain_operating_system | 8.4.0.0 - 8.6.1.0 |
References
- www.dell.com (Vendor Advisory)