EXECUTIVE SUMMARY:
Multiple security vulnerabilities have been identified in Dell PowerProtect Data Domain products, including Data Domain appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and the Data Domain Management Center, affecting versions from 7.7.1.0 through 8.7.0.0. These vulnerabilities include improper authentication and path traversal flaws, which could enable remote code execution and unauthorized access, posing a significant business risk and potential impact, including full system compromise and data theft.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
Multiple security vulnerabilities have been identified in Dell PowerProtect Data Domain products, including Data Domain appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and the Data Domain Management Center, affecting versions from 7.7.1.0 through 8.7.0.0. These vulnerabilities include improper authentication and path traversal flaws, which could enable remote code execution and unauthorized access, posing a significant business risk and potential impact, including full system compromise and data theft.[emaillocker id="1283"]
• CVE-2026-53483 with a CVSS score of 9.8 – This improper authentication vulnerability allows an unauthenticated attacker to obtain unauthorized access to a vulnerable device, potentially granting complete control of the system.
• CVE-2026-53481 with a CVSS score of 9.8 – This path traversal vulnerability enables an unauthenticated remote attacker to access resources outside of their intended directory boundaries, resulting in unauthorized access to the system and a full compromise of the affected platform.
The identified vulnerabilities pose a high risk to organizations, particularly those with internet-accessible or remotely managed Data Domain systems, as a full compromise could enable attackers to steal protected data, alter configurations, or deploy ransomware, leading to significant business consequences and potential financial losses. Exploitation of these flaws could result in the disruption of backup operations, deletion of recovery copies, and unauthorized access to sensitive information.
RECOMMENDATION:
We recommend you to update Dell PowerProtect Data Domain to version DD OS 8.8.0.0 or later.
REFERENCES:
The following reports contain further technical details:
https://cybersecuritynews.com/multiple-dell-powerprotect-vulnerabilites/