CVE-2026-41123
MediumCVSS 4.3Summary
Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6, LTS2026 release 8.6.1.0 through 8.6.1.10, LTS2025 release 8.3.1.0 through 8.3.1.30, and LTS2024 release 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in RBAC. A low privileged attacker with remote access could exploit this vulnerability to tamper with information.
Risk Assessment
The risk involves potential unauthorized data modification by an attacker, which could compromise the integrity of information stored in the backup system.
Recommendation
It is recommended to immediately apply security patches provided by the vendor for the affected Dell PowerProtect Data Domain versions.
Original NVD description (English source)
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.

