CVE-2026-53481
CRITICALDell PowerProtect Data Domain - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Title source: ruleDescription
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to the system. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity.
References (1)
Core 1
Core References
Scores
CVSS v3
9.8
EPSS
0.0063
EPSS Percentile
45.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (4)
Dell/PowerProtect Data Domain
< 7.13.1.80 or later
Dell/PowerProtect Data Domain
< 8.3.1.40 or later
Dell/PowerProtect Data Domain
< 8.6.1.20 or later
Dell/PowerProtect Data Domain
< 8.8.0.0 or later
Published
Jul 07, 2026
Tracked Since
Jul 07, 2026