CVE-2026-23778
Published: 17 April 2026
Summary
CVE-2026-23778 is a high-severity Command Injection (CWE-77) vulnerability in Dell Data Domain Operating System. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely flaw remediation through application of Dell's security patches directly eliminates the command injection vulnerability in DD OS.
Information input validation at remote access points prevents exploitation of the command injection vulnerability by sanitizing user inputs.
Least privilege enforcement limits the scope and impact of high-privileged accounts that could be exploited for root escalation via command injection.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection vulnerability in a network-accessible appliance directly enables remote exploitation of a public-facing application (T1190) and subsequent privilege escalation to root via arbitrary command execution (T1068).
NVD Description
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with…
more
remote access could potentially exploit this vulnerability to gain root-level access.
Deeper analysisAI
CVE-2026-23778 is a command injection vulnerability (CWE-77) affecting Dell PowerProtect Data Domain systems running Data Domain Operating System (DD OS). The vulnerability impacts Feature Release versions 7.7.1.0 through 8.5, LTS2025 release versions 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.50. It carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
A high-privileged attacker with remote network access can exploit this vulnerability to execute arbitrary commands and escalate privileges to root-level access on the affected system. Exploitation requires high privileges (PR:H) but low attack complexity (AC:L), no user interaction (UI:N), and is feasible over the network (AV:N), with high impacts across confidentiality, integrity, and availability (C:H/I:H/A:H) while maintaining unchanged scope (S:U).
Dell has addressed this issue in security advisory DSA-2026-060, detailed at https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities, which provides security updates for multiple vulnerabilities in PowerProtect Data Domain, including recommended patches and mitigation guidance.
Details
- CWE(s)