Skip to content
Threat Feed
high threat exploited

Dell PowerProtect Data Domain: Multiple Vulnerabilities

Multiple vulnerabilities in Dell PowerProtect Data Domain could allow an attacker to elevate privileges, execute arbitrary code, bypass security controls, perform a Denial of Service attack, conduct Cross-Site Scripting, disclose information, and manipulate files.

The German Federal Office for Information Security (BSI) has issued an advisory (WID-SEC-2026-2189) highlighting multiple critical vulnerabilities within Dell PowerProtect Data Domain. These vulnerabilities collectively pose a significant risk, allowing an attacker to achieve a wide range of malicious outcomes. While the advisory does not specify observed in-the-wild exploitation, it warns that successful exploitation could lead to privilege escalation, arbitrary code execution, bypassing security measures, Denial of Service (DoS) attacks, Cross-Site Scripting (XSS), and unauthorized information disclosure or file manipulation. Organizations utilizing Dell PowerProtect Data Domain systems are urged to address these vulnerabilities promptly, as they represent a substantial attack surface for adversaries seeking to compromise data backup and recovery infrastructure.

Impact

Successful exploitation of these vulnerabilities in Dell PowerProtect Data Domain could lead to severe consequences for affected organizations. Attackers could gain elevated privileges, execute arbitrary code on the affected systems, and bypass existing security controls, potentially leading to full compromise of the data protection environment. The vulnerabilities also open avenues for Denial of Service attacks, rendering critical backup and recovery services unavailable, and Cross-Site Scripting attacks that could compromise administrative sessions. Furthermore, sensitive information could be disclosed, and critical files manipulated, undermining data integrity and confidentiality. While no specific victim count or targeted sectors were detailed in the advisory, any organization using Dell PowerProtect Data Domain is at risk of these potential impacts.

Recommendation

  • Prioritize and immediately apply all available security patches and updates for Dell PowerProtect Data Domain from Dell Technologies.
  • Regularly review security advisories from Dell and CERT-Bund (BSI) for new vulnerabilities affecting Dell PowerProtect Data Domain.