CVE Catalog

CVE-2026-54483

Medium · CVSS 6.7
Published: Translated: NVD NIST

Summary

Dell PowerProtect Data Domain in multiple versions contains an OS command injection vulnerability. A high-privileged attacker with local access could exploit this flaw to execute arbitrary commands.

Risk Assessment

An attacker who already holds high privileges could compromise the system, breaching the confidentiality, integrity, and availability of data.

Recommendation

Update Dell PowerProtect Data Domain immediately to the latest available version that includes the security fix.

Original NVD description (English source)

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS