CVE-2026-22762

MEDIUM

Dell Avamar <19.10 SP1 - Path Traversal

Title source: llm

Description

Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary file delete.

References (1)

Core 1

Core References

Various Sources vendor-advisory

https://www.dell.com/support/kbdoc/en-us/000425796/dsa-2026-053-security-update-for-dell-avamar-server-and-dell-avamar-virtual-edition-improper-limitation-of-a-pathname-to-a-restricted-directory-path-traversal-vulnerability

Scores

CVSS v3 6.5

EPSS 0.0006

EPSS Percentile 18.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (3)

Dell/Avamar Server 19.9 through 19.10 SP1 - 19.10 SP1 with CHF 338912 or later

Dell/Avamar Virtual Edition 19.9 through 19.10 SP1 - 19.10 SP1 with CHF 338912 or later

Dell/PowerProtect DP Series Appliance (IDPA) < 2.7.9 with AV CHF 338912

Published Feb 17, 2026

Tracked Since Feb 18, 2026