CVE-2026-23776
Published: 17 April 2026
Summary
CVE-2026-23776 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Dell Data Domain Operating System. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires establishment and proper validation of PKI certificates, directly addressing the improper certificate validation in certificate-based login.
Mandates timely flaw remediation, such as applying Dell patches for this specific certificate validation vulnerability.
Manages authenticators including PKI certificates to ensure secure handling and validation during authentication processes.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper certificate validation in remote login enables remote exploitation for privilege escalation on a potentially public-facing appliance.
NVD Description
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain(s) an Improper Certificate Validation vulnerability in certificate-based login. A…
more
low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
Deeper analysisAI
CVE-2026-23776 is an Improper Certificate Validation vulnerability (CWE-295) in the certificate-based login feature of Dell PowerProtect Data Domain systems running Data Domain Operating System (DD OS). It affects Feature Release versions 7.7.1.0 through 8.5, LTS2025 release versions 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.60. The vulnerability has a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), rated as High severity.
A low-privileged attacker with remote network access can exploit this flaw to elevate privileges. Exploitation requires high-level prerequisites (PR:H) but is low complexity (AC:L) with no user interaction (UI:N) needed, allowing remote attack (AV:N) that impacts confidentiality, integrity, and availability at a high level (C:H/I:H/A:H) within the unchanged scope (S:U).
Dell has issued security advisory DSA-2026-060 addressing CVE-2026-23776 alongside multiple other vulnerabilities in PowerProtect Data Domain. Practitioners should consult the advisory at https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities for patch details and mitigation recommendations.
Details
- CWE(s)