CVE-2026-26943

HighRCE

Published: 20 April 2026

Published

20 April 2026

Modified

20 April 2026

KEV Added

—

Patch

—

CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 28.4th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-26943 is a high-severity OS Command Injection (CWE-78) vulnerability in Dell PowerProtect Data (inferred from references). Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked at the 28.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Unix Shell (T1059.004) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the CVE by requiring timely remediation of the OS command injection flaw through application of Dell's security updates.

SI-10 Information Input Validation good match

prevent

Prevents exploitation of the OS command injection vulnerability by enforcing input validation at vulnerable interfaces to reject malicious commands.

AC-6 Least Privilege partial match

prevent

Limits the impact of high-privileged remote access required for exploitation by enforcing least privilege on accounts and processes.

MITRE ATT&CK Enterprise TechniquesAI

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

OS command injection (CWE-78) with AV:N/PR:H directly enables remote arbitrary command execution as root on a Linux-based appliance (T1059.004), constitutes exploitation of a public-facing application for initial access (T1190), and provides privilege escalation from high-privileged context to root (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to…

arbitrary command execution with root privileges.

Deeper analysisAI

CVE-2026-26943 is an OS command injection vulnerability (CWE-78) in Dell PowerProtect Data Domain, affecting versions 7.7.1.0 through 8.6, LTS2025 release versions 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.60. Published on 2026-04-20, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts with network accessibility and low attack complexity.

A high-privileged attacker with remote access can exploit this vulnerability to execute arbitrary operating system commands with root privileges on the affected system.

Dell's security advisory DSA-2026-060 addresses this vulnerability alongside multiple others in PowerProtect Data Domain and provides security updates for mitigation: https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities.