CVE-2026-53481

CRITICAL

Dell PowerProtect Data Domain - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Title source: rule
STIX 2.1

Description

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to the system. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity.

Scores

CVSS v3 9.8
EPSS 0.0063
EPSS Percentile 45.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-22
Status published
Products (4)
Dell/PowerProtect Data Domain < 7.13.1.80 or later
Dell/PowerProtect Data Domain < 8.3.1.40 or later
Dell/PowerProtect Data Domain < 8.6.1.20 or later
Dell/PowerProtect Data Domain < 8.8.0.0 or later
Published Jul 07, 2026
Tracked Since Jul 07, 2026