CVE-2026-41124
LOWDell PowerProtect Data Domain - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Title source: ruleDescription
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
References (1)
Core 1
Core References
Scores
CVSS v3
2.3
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (4)
Dell/PowerProtect Data Domain
< 7.13.1.80 or later
Dell/PowerProtect Data Domain
< 8.3.1.40 or later
Dell/PowerProtect Data Domain
< 8.6.1.20 or later
Dell/PowerProtect Data Domain
< 8.8.0.0 or later
Published
Jul 03, 2026
Tracked Since
Jul 03, 2026