Cyber Posture

CVE-2026-26354

High

Published: 22 April 2026
Modified: 27 April 2026
KEV Added: not listed
Patch: see Dell advisory DSA-2026-060
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0007 (21.2 percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-26354 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Dell Data Domain Operating System. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 21.2 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Directly mitigates the stack-based buffer overflow by identifying, reporting, and applying vendor patches as detailed in Dell advisory DSA-2026-060.

prevent: Implements memory safeguards such as stack canaries, ASLR, and DEP to protect against exploitation of stack-based buffer overflows leading to arbitrary command execution.

prevent: Enforces validation of remote inputs to prevent buffer overflows (CWE-121, CWE-787) that enable unauthenticated arbitrary command execution.
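To make the input-validation control (SI-10) concrete, the following is an added, generic illustration of the CWE-121 pattern and its hardened form. It is not Dell code and says nothing about where the flaw lives in DD OS; the function names, the 32-byte buffer size and the sample inputs are assumptions constructed for the example. The unchecked variant is shown only for contrast and is never called.

```c
/* Added illustration (not Dell / DD OS code): a fixed-size stack buffer
 * filled from an untrusted network field, first without and then with
 * input validation as NIST 800-53 SI-10 requires.
 * HOSTNAME_MAX and the function names are assumptions for the demo. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define HOSTNAME_MAX 32   /* assumed buffer size for the illustration */

/* CWE-121 pattern: the length of the remote field is never compared with
 * the stack buffer it is copied into. Shown for contrast only; not called. */
int handle_hostname_unchecked(const char *field)
{
    char host[HOSTNAME_MAX];
    strcpy(host, field);            /* overflows 'host' when field is too long */
    return (int)strlen(host);
}

/* Hardened form: bound the scan, validate length and character set, and
 * only then copy. Returns 0 on success, -1 if the input is rejected.
 * 'out' receives the validated, NUL-terminated value. */
int handle_hostname_checked(const char *field, char *out, size_t out_len)
{
    if (field == NULL || out == NULL || out_len == 0)
        return -1;

    /* Bounded length scan: never read past out_len even if the sender
     * omitted the terminator. */
    size_t n = 0;
    while (n < out_len && field[n] != '\0')
        n++;
    if (n == 0 || n >= out_len)     /* empty, or no room for the terminator */
        return -1;

    /* Positive allow-list for a hostname-like field; anything else is rejected. */
    for (size_t i = 0; i < n; i++) {
        char c = field[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '-' || c == '.';
        if (!ok)
            return -1;
    }

    memcpy(out, field, n);
    out[n] = '\0';
    return 0;
}

/* Convenience wrapper using a local HOSTNAME_MAX buffer so the validation
 * result can be checked directly. */
int check_hostname_demo(const char *field)
{
    char host[HOSTNAME_MAX];
    return handle_hostname_checked(field, host, sizeof host);
}

int main(void)
{
    /* constructed inputs: one valid, one oversize, one with a shell metacharacter */
    const char *good = "dd-backup01.example";
    const char *oversize = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
    const char *badchar = "host;id";
    printf("good: %d\n", check_hostname_demo(good));
    printf("oversize: %d\n", check_hostname_demo(oversize));
    printf("badchar: %d\n", check_hostname_demo(badchar));
    return 0;
}
```

The point of the hardened version is that every decision (length, terminator, character set) is made before any byte reaches the stack buffer, so an oversize or malformed field is rejected rather than written; the memory-protection controls listed above (canaries, ASLR, DEP) remain the second line of defence if a validation path is missed.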

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Why these techniques?

Remote unauthenticated stack-based buffer overflow enabling arbitrary command execution on a network-accessible appliance directly maps to initial access via public-facing application exploitation and subsequent command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

Deeper analysis

CVE-2026-26354 is a stack-based buffer overflow vulnerability (CWE-121, CWE-787) affecting Dell PowerProtect Data Domain systems running Domain Operating System (DD OS). The flaw impacts Feature Release versions 7.7.1.0 through 8.6, LTS2025 release versions 8.3.1.0 through 8.3.1.10, and LTS2024 release versions 7.13.1.0 through 7.13.1.60. Published on April 22, 2026, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting high severity due to potential impacts on confidentiality, integrity, and availability.

An unauthenticated attacker with remote network access can exploit this vulnerability, which requires high attack complexity. Successful exploitation could enable arbitrary command execution on the targeted Data Domain system, allowing full compromise without user interaction or privileges.

Dell security advisory DSA-2026-060 addresses this and other vulnerabilities in PowerProtect Data Domain, providing details on security updates. Security practitioners should review the advisory at https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities for patching guidance and mitigation steps.

Details

CWE(s): CWE-121 (Stack-based Buffer Overflow), CWE-787 (Out-of-bounds Write)

Affected Products

Dell PowerProtect DP Series Appliance: ≤ 2.7.9
Dell Data Domain Operating System: 7.7.1.0 — 7.13.1.60 · 7.14.0.0 — 8.3.1.20 · 8.4.0.0 — 8.6.1.10

CVEs Like This One

CVE-2026-26944 (same product: Dell Data Domain Operating System)
CVE-2026-23774 (same product: Dell Data Domain Operating System)
CVE-2026-23778 (same product: Dell Data Domain Operating System)
CVE-2026-23776 (same product: Dell Data Domain Operating System)
CVE-2026-23853 (same product: Dell Data Domain Operating System)
CVE-2025-26336 (same vendor: Dell)
CVE-2025-22475 (same product: Dell Data Domain Operating System)
CVE-2025-46645 (same product: Dell Data Domain Operating System)
CVE-2025-36594 (same product: Dell Data Domain Operating System)
CVE-2025-36568 (same product: Dell Data Domain Operating System)
