Vulnerability-Lookup

CNVD-2026-18586

Vulnerability from cnvd - Published: 2026-04-21

Title

Dell PowerProtect Data Domain信息泄露漏洞（CNVD-2026-18586）

Description

Dell PowerProtect Data Domain是一款数据保护存储设备，主要用于备份、归档和灾难恢复。 Dell PowerProtect Data Domain存在信息泄露漏洞。该漏洞源于系统将敏感信息暴露给未授权的访问者，攻击者可利用该漏洞通过远程访问权限导致敏感信息泄露。

Severity

中

Patch Name

Dell PowerProtect Data Domain信息泄露漏洞（CNVD-2026-18586）的补丁

Patch Description

Dell PowerProtect Data Domain是一款数据保护存储设备，主要用于备份、归档和灾难恢复。 Dell PowerProtect Data Domain存在信息泄露漏洞。该漏洞源于系统将敏感信息暴露给未授权的访问者，攻击者可利用该漏洞通过远程访问权限导致敏感信息泄露。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities

Reference

https://nvd.nist.gov/vuln/detail/CVE-2026-23777

Impacted products

Name
DELL Dell PowerProtect Data Domain

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-23777",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-23777"
    }
  },
  "description": "Dell PowerProtect Data Domain\u662f\u4e00\u6b3e\u6570\u636e\u4fdd\u62a4\u5b58\u50a8\u8bbe\u5907\uff0c\u4e3b\u8981\u7528\u4e8e\u5907\u4efd\u3001\u5f52\u6863\u548c\u707e\u96be\u6062\u590d\u3002\n\nDell PowerProtect Data Domain\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7cfb\u7edf\u5c06\u654f\u611f\u4fe1\u606f\u66b4\u9732\u7ed9\u672a\u6388\u6743\u7684\u8bbf\u95ee\u8005\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u8fdc\u7a0b\u8bbf\u95ee\u6743\u9650\u5bfc\u81f4\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-18586",
  "openTime": "2026-04-21",
  "patchDescription": "Dell PowerProtect Data Domain\u662f\u4e00\u6b3e\u6570\u636e\u4fdd\u62a4\u5b58\u50a8\u8bbe\u5907\uff0c\u4e3b\u8981\u7528\u4e8e\u5907\u4efd\u3001\u5f52\u6863\u548c\u707e\u96be\u6062\u590d\u3002\r\n\r\nDell PowerProtect Data Domain\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7cfb\u7edf\u5c06\u654f\u611f\u4fe1\u606f\u66b4\u9732\u7ed9\u672a\u6388\u6743\u7684\u8bbf\u95ee\u8005\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u8fdc\u7a0b\u8bbf\u95ee\u6743\u9650\u5bfc\u81f4\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell PowerProtect Data Domain\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2026-18586\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "DELL Dell PowerProtect Data Domain"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2026-23777",
  "serverity": "\u4e2d",
  "submitTime": "2026-04-20",
  "title": "Dell PowerProtect Data Domain\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2026-18586\uff09"
}

CVE-2026-23777 (GCVE-0-2026-23777)

Vulnerability from cvelistv5 – Published: 2026-04-17 11:52 – Updated: 2026-04-17 13:14

Summary

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an exposure of sensitive information to an unauthorized actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

dell

References

URL

Tags

https://www.dell.com/support/kbdoc/en-us/00045069…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Dell	PowerProtect Data Domain	Affected: 0 , < 8.6.0.0 or later (semver) Affected: 0 , < 8.3.1.20 or later (semver) Affected: 0 , < 7.13.1.50 or later (semver) Affected: 0 , < 2.7.9 with DD OS 8.3.1.30 (semver)

Date Public ?

2026-04-15 18:30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-23777",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-17T13:13:23.822968Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-17T13:14:12.461Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerProtect Data Domain",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "8.6.0.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.3.1.20 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.13.1.50 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.7.9 with DD OS 8.3.1.30",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-04-15T18:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an exposure of sensitive information to an unauthorized actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure."
            }
          ],
          "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an exposure of sensitive information to an unauthorized actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-17T11:52:13.427Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2026-23777",
    "datePublished": "2026-04-17T11:52:13.427Z",
    "dateReserved": "2026-01-16T06:05:50.873Z",
    "dateUpdated": "2026-04-17T13:14:12.461Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-18586

CVE-2026-23777 (GCVE-0-2026-23777)

Tags

Sightings

Nomenclature