CVE Catalog

CVE-2026-46465

MediumCVSS 5.5
Published: Translated: NVD NIST

Summary

A vulnerability in Dell PowerProtect Data Domain allows a high-privileged attacker with remote access to exploit an externally-controlled format string. This could lead to information disclosure and denial of service.

Risk Assessment

The risk for the organization includes potential leakage of sensitive data and disruption of backup system operations, which may impact business continuity.

Recommendation

It is recommended to immediately update Dell PowerProtect Data Domain to the latest available version, following the vendor's guidance.

Original NVD description (English source)

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and denial of service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS