Dell PowerProtect Data Domain unauth root command execution (CVE-2026-26944)
CVE-2026-26944 grants unauthenticated root RCE on Dell PowerProtect Data Domain 7.7.1.0 through 8.6. An attacker exploits missing authentication to execute commands. Update to 8.6.0.20 or later, or to a patched LTS release.
Vendor-confirmed: CVE-2026-26944 is a high-severity command execution flaw in Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6 that lets an unauthenticated attacker execute arbitrary commands with root privileges because a critical function is missing authentication. Update to version 8.6.0.20 or later immediately.
Overview
A high-severity vulnerability in Dell PowerProtect Data Domain could allow an unauthenticated attacker to execute arbitrary commands with the highest system privileges. Tracked as CVE-2026-26944, this flaw affects multiple supported versions of the data protection appliance.
Vulnerability Details
The vulnerability is classified as a missing authentication for critical function. Specifically, a critical function within the Data Domain operating system lacks proper authentication checks. An attacker with network access to an affected system could send specially crafted requests to this function without providing any credentials.
Successful exploitation requires an authenticated user on the system to perform a specific, unknown action, which lowers the attack complexity. If triggered, the exploit allows the attacker to run any operating system command with root (administrator) privileges.
Affected Versions
The following Dell PowerProtect Data Domain versions are confirmed vulnerable:
- Main release versions 7.7.1.0 through 8.6
- LTS2025 release versions 8.3.1.0 through 8.3.1.20
- LTS2024 release versions 7.13.1.0 through 7.13.1.60
Impact and Risk
The primary risk is complete system compromise. An attacker gaining root access can read, modify, or delete all protected backup data stored on the appliance, disrupt disaster recovery operations, and use the system as a foothold to attack other network resources. Given the critical role of Data Domain in enterprise backup and recovery, this poses a significant business continuity threat.
Remediation and Mitigation
Dell has released fixed versions to address this vulnerability. Affected users must apply the following updates:
- For main releases, update to version 8.6.0.20 or later.
- For LTS2025 releases, update to version 8.3.1.30 or later.
- For LTS2024 releases, update to version 7.13.1.70 or later.
Apply these patches immediately following standard change control procedures for critical infrastructure. As a temporary mitigation, ensure network access to Data Domain management interfaces is restricted to trusted administrative networks only. Monitor the vendor’s security advisory for any additional guidance.
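For triaging an appliance inventory against the affected and fixed versions listed above, the following is an added example, not code from Dell or from this advisory. It assumes the release train can be recognised from the first three version components, that a build suffix after a hyphen can be ignored, and that any build on a train below its fixed version needs the update; the hostnames and the sample inventory are constructed.

```python
# Added example (not Dell's code): triage DD OS versions against this advisory.
# (train name, 3-part train prefix, first fixed version), from the lists above.
LTS_TRAINS = [
    ("LTS2025", (8, 3, 1), (8, 3, 1, 30)),
    ("LTS2024", (7, 13, 1), (7, 13, 1, 70)),
]
MAIN_FIRST_AFFECTED = (7, 7, 1, 0)
MAIN_FIXED = (8, 6, 0, 20)


def parse_version(text):
    """Turn '8.3.1.20' or '8.6' into a 4-part integer tuple.

    Assumption: a build suffix after a hyphen ('7.13.1.60-1234567') is ignored.
    """
    core = text.strip().split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def fmt(version):
    return ".".join(str(n) for n in version)


def assess(version_text):
    """Return (status, train, first fixed version) for one version string."""
    v = parse_version(version_text)
    # LTS trains are checked first: their numbers fall inside the main range
    # 7.7.1.0..8.6, so a plain range test would flag patched LTS builds.
    for name, prefix, fixed in LTS_TRAINS:
        if v[:3] == prefix:
            # Assumption: any build on the train below the fix needs the update.
            return ("affected" if v < fixed else "fixed"), name, fmt(fixed)
    if v < MAIN_FIRST_AFFECTED:
        return "not listed", "main", fmt(MAIN_FIXED)  # older than the advisory covers
    return ("affected" if v < MAIN_FIXED else "fixed"), "main", fmt(MAIN_FIXED)


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are illustrative only.
    inventory = {"dd-prod-01": "8.3.1.20", "dd-prod-02": "8.3.1.30",
                 "dd-dr-01": "7.13.1.60", "dd-lab-01": "8.5.0.0",
                 "dd-lab-02": "8.6.0.20", "dd-old-01": "7.6.0.5"}
    for host, ver in inventory.items():
        status, train, fixed = assess(ver)
        print(f"{host:<11} {ver:<10} {train:<8} {status:<10} fixed in {fixed}")
```

Versions older than 7.7.1.0 are reported as "not listed" rather than safe, since the advisory says nothing about them.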
Security Insight
This vulnerability highlights the persistent risk of privilege escalation paths in complex, monolithic appliance operating systems. Similar “missing authentication” flaws in other backup platforms have historically been targeted to cripple organizational recovery capabilities before a ransomware attack. Ensuring these core data protection systems are patched is a foundational control, as their compromise can nullify an entire security strategy. For more on the evolving threat landscape, see our latest security news.