High

OS Command Injection in Dell PowerProtect Data Domain DD OS

IdentifiersCVE-2026-26942CWE-78· Improper Neutralization of Special…

CVE-2026-26942 is an OS command injection vulnerability in Dell PowerProtect Data Domain products running Data Domain Operating System (DD OS), including Dell PowerProtect Data Domain series appliances, Data Domain Virtual Edition, Dell APEX Protection Storage, and Data Domain Management Center. The provided content states that affected versions include DD OS 8.5 through 8.6, and more specifically release trains 7.7.1.0 through 8.6.0.0 in Dell’s advisory matrix. The flaw is described as improper neutralization of special elements used in an OS command, allowing attacker-controlled input to be incorporated into operating system command execution. A high-privileged attacker with remote access could exploit the issue to achieve arbitrary command execution with root privileges on the affected system.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows arbitrary OS command execution as root. This gives the attacker full control over the affected appliance or management component, with resulting high impact to confidentiality, integrity, and availability. In practical terms, root-level execution on backup infrastructure can enable data access, tampering with backup sets or configuration, service disruption, and broader compromise of systems managed by or trusting the affected platform.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict remote access to administrative and management interfaces to only trusted management networks and administrators, minimize the number of high-privilege accounts, and monitor for suspicious command execution or administrative activity on DD OS systems. Because the content specifies exploitation by a high-privileged remote attacker, reducing privileged access paths and network exposure is the primary interim mitigation. Definitive mitigation requires upgrading to a fixed version.

Remediation

Patch, then assume compromise.

Upgrade affected Dell PowerProtect Data Domain/DD OS deployments to a remediated release. The provided content states Dell remediated CVE-2026-26942 in DD OS 8.6.1.10 and 8.7.0.0 or later. The advisory matrix also states that PowerProtect DP Series Appliance issues tied to this DD OS vulnerability set are remediated in version 2.7.9 with DD OS 8.3.1.30. Apply the vendor-provided fixed versions appropriate to the deployed release train and product variant.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Dell TechnologiesData Domain Operating Systemoperating_system

Dell TechnologiesPowerprotect Data Domainapplication

Dell TechnologiesPowerprotect Dp Series Applianceapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

2 SOURCESView more in app

zeropath blogNews

Apr 20, 2026

Brief Summary: CVE-2026-26944 Missing Authentication in Dell PowerProtect Data Domain Enables Remote Root Command Execution - ZeroPath Blog | ZeroPath

An OS command injection vulnerability in Dell PowerProtect Data Domain discussed as part of Dell Security Advisory DSA-2026-060.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-26942

NVD

nvd.nist.gov/vuln/detail/CVE-2026-26942

MITRE CWE · CWE-78

Improper Neutralization of Special Elements…

Vendor Advisory

dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities