{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-23778/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-23778"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-23778","command-injection","dell","powerprotect"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-23778 is a command injection vulnerability affecting Dell PowerProtect Data Domain appliances running Data Domain Operating System (DD OS). The affected versions include Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.50. A remote attacker with high privileges could exploit this vulnerability to execute arbitrary commands with root privileges on the affected system. Successful exploitation would grant the attacker complete control over the Data Domain appliance, potentially leading to data loss, system compromise, and disruption of backup and recovery operations. Due to the critical role of Data Domain appliances in data protection, this vulnerability poses a significant risk to organizations using affected versions.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains high-privileged remote access to the Dell PowerProtect Data Domain appliance, likely through compromised credentials or a separate vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request containing a command injection payload targeting a vulnerable endpoint within the DD OS web management interface.\u003c/li\u003e\n\u003cli\u003eThe vulnerable endpoint fails to properly sanitize user-supplied input, allowing the attacker to inject arbitrary operating system commands into the system.\u003c/li\u003e\n\u003cli\u003eThe injected command is executed with the privileges of the webserver process, which in this case, runs with root privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the initial command execution to establish persistence on the system, such as creating a new user account or modifying system configuration files.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the gained root access to move laterally within the Data Domain appliance, potentially accessing sensitive data or compromising other services.\u003c/li\u003e\n\u003cli\u003eThe attacker could exfiltrate sensitive data, deploy ransomware, or disrupt backup operations depending on their objectives.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-23778 grants a remote attacker complete control over the Dell PowerProtect Data Domain appliance. This can lead to severe consequences, including unauthorized access to sensitive data, data corruption, disruption of backup and recovery processes, and potential ransomware deployment. Given the Data Domain\u0026rsquo;s central role in data protection strategies, a successful attack can have a widespread impact, affecting numerous systems and applications that rely on the backup infrastructure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update provided by Dell to patch CVE-2026-23778. Refer to the Dell security advisory for specific instructions: \u003ca href=\"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities\"\u003ehttps://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the blast radius of a potential compromise. Restrict network access to the Dell PowerProtect Data Domain appliance to only authorized users and systems.\u003c/li\u003e\n\u003cli\u003eReview user access controls and enforce the principle of least privilege. Ensure that users only have the necessary permissions to perform their job functions on the Data Domain appliance.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-17T09:16:05Z","date_published":"2026-04-17T09:16:05Z","id":"/briefs/2026-04-dell-powerprotect-cmd-injection/","summary":"A command injection vulnerability in Dell PowerProtect Data Domain (CVE-2026-23778) could allow a remote, high-privileged attacker to gain root-level access.","title":"Dell PowerProtect Data Domain Command Injection Vulnerability (CVE-2026-23778)","url":"https://feed.craftedsignal.io/briefs/2026-04-dell-powerprotect-cmd-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-23778","version":"https://jsonfeed.org/version/1.1"}