CVE-2026-23776 HIGH

CVE-2026-23776

Vendor Dell
Product PowerProtect Data Domain
Weakness CWE-295
Published April 17, 2026
Last update April 20, 2026
View on NVD All CVEs

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain(s) an Improper Certificate Validation vulnerability in certificate-based login. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

Key dates

02Disclosure timeline

April 17, 2026 CVE published
April 20, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-0500 Issue affecting Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV clients CVE-2023-50314 IBM WebSphere Application Server Libery information disclosure CVE-2023-39441 Apache Airflow SMTP Provider, Apache Airflow IMAP Provider, Apache Airflow: SMTP/IMAP client components allowed MITM due to missing Certificate Validation CVE-2025-30279 File Station 5 CVE-2026-45745 Termix has improper certificate validation in Electron desktop client that enables MITM credential/token theft