Cyber Resilience

CVE-2026-26943

HighRCE

Published: 20 April 2026

Published
20 April 2026
Modified
20 April 2026
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0009 25.6th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-26943 is a high-severity OS Command Injection (CWE-78) vulnerability in Dell PowerProtect Data (inferred from references). Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked at the 25.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-26943 is an OS command injection vulnerability (CWE-78) in Dell PowerProtect Data Domain, affecting versions 7.7.1.0 through 8.6, LTS2025 release versions 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.60. Published on 2026-04-20, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts with network accessibility and low attack complexity.

A high-privileged attacker with remote access can exploit this vulnerability to execute arbitrary operating system commands with root privileges on the affected system.

Dell's security advisory DSA-2026-060 addresses this vulnerability alongside multiple others in PowerProtect Data Domain and provides security updates for mitigation: https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities.

EU & UK References

Vulnerability details

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to…

more

arbitrary command execution with root privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

OS command injection (CWE-78) with AV:N/PR:H directly enables remote arbitrary command execution as root on a Linux-based appliance (T1059.004), constitutes exploitation of a public-facing application for initial access (T1190), and provides privilege escalation from high-privileged context to root (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-56102Shared CWE-78
CVE-2025-20029Shared CWE-78
CVE-2026-28774Shared CWE-78
CVE-2026-30809Shared CWE-78
CVE-2025-56077Shared CWE-78
CVE-2026-28773Shared CWE-78
CVE-2025-66210Shared CWE-78
CVE-2025-56094Shared CWE-78
CVE-2026-27635Shared CWE-78
CVE-2026-28269Shared CWE-78

Affected Assets

Dell
PowerProtect Data
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by requiring timely remediation of the OS command injection flaw through application of Dell's security updates.

prevent

Prevents exploitation of the OS command injection vulnerability by enforcing input validation at vulnerable interfaces to reject malicious commands.

prevent

Limits the impact of high-privileged remote access required for exploitation by enforcing least privilege on accounts and processes.

References