Dell PowerProtect Data Domain OS and PowerDNS Flaws Prompt New dCERT Alerts
dCERT issued multiple advisories for Dell PowerProtect Data Domain OS and PowerDNS, highlighting newly tracked security flaws across both products. For Dell backup appliances, advisory 2026-1097 reported multiple vulnerabilities in PowerProtect Data Domain OS, followed by advisory 2026-1218, which specifically warned that a vulnerability in the platform could allow code execution.
dCERT also published two separate advisories on PowerDNS—2026-1204 and 2026-1215—each describing multiple vulnerabilities affecting the DNS software. The notices indicate a concentrated wave of disclosures affecting enterprise backup infrastructure and DNS services, with the Dell issue standing out because of its potential to let attackers execute code on vulnerable systems.
Timeline
Apr 23, 2026
dCERT republishes or updates PowerDNS multiple vulnerabilities advisory
dCERT published Advisory 2026-1215 on PowerDNS multiple vulnerabilities one day after Advisory 2026-1204. Based on the identical topic and lack of added detail, this is best treated as a follow-on publication or update rather than a separate underlying vulnerability event.
Apr 23, 2026
dCERT publishes Dell PowerProtect Data Domain OS code execution advisory
dCERT issued Advisory 2026-1218 for Dell PowerProtect Data Domain OS describing a vulnerability that allows code execution. This appears as a new advisory distinct from the earlier multiple-vulnerabilities notice.
Apr 22, 2026
dCERT publishes PowerDNS multiple vulnerabilities advisory
dCERT published Advisory 2026-1204 covering multiple vulnerabilities in PowerDNS. No additional synopsis details are provided in the reference.
Apr 15, 2026
dCERT publishes Dell PowerProtect Data Domain OS vulnerability advisory
dCERT issued Advisory 2026-1097 for Dell PowerProtect Data Domain OS, warning of multiple vulnerabilities affecting the product. The reference does not provide further technical details in the synopsis.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
Related Stories
Dell PowerProtect Data Domain Flaws Expose Systems to Unauthorized Access and Root RCE
Dell disclosed two high-severity vulnerabilities in **PowerProtect Data Domain** appliances running multiple **DD OS** releases, including a weak-credentials flaw tracked as `CVE-2026-23853` and a missing-authentication issue tracked as `CVE-2026-26944`. The weak-credentials vulnerability affects Feature Release versions **7.7.1.0 through 8.5**, **LTS2025 8.3.1.0 through 8.3.1.20**, and **LTS2024 7.13.1.0 through 7.13.1.50**, and could allow an unauthenticated attacker with local access to gain unauthorized access to the system. The issue is classified as **CWE-1391** and carries a **CVSS v3.1** score vector of `AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`. Dell also reported `CVE-2026-26944`, a **missing authentication for critical function** flaw classified as **CWE-306**, which could allow an unauthenticated remote attacker to execute arbitrary commands with **root privileges** if an authenticated user performs a specific action. That vulnerability is rated with the **CVSS v3.1** vector `AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`. Both issues were referenced in Dell security guidance, including advisory **`DSA-2026-060`**, and affect backup infrastructure that may be critical to recovery operations, making remediation and version review a priority for defenders.
1 weeks ago
Dell Issues Security Advisories for PowerEdge, PowerProtect, Connectrix, and Networking Products
Dell released multiple security advisories covering vulnerabilities across a broad set of enterprise infrastructure products, and the Canadian Centre for Cyber Security urged organizations to review the notices and apply updates. The affected technologies span storage, networking, data protection, and server platforms, including **Connectrix Switches and Directors**, **AMD-based PowerEdge Servers**, **Dell Command | Update** versions prior to `5.7.0`, **PowerProtect Data Domain**, and **Dell Storage Manager - Replay Manager for Microsoft Servers** versions prior to `8.0.3`. Additional advisories also affected **Data Protection Advisor**, **Dell EMC Isilon OneFS**, **Dell EMC PowerScale**, **Dell Networking OS10**, **PowerProtect DP Series Appliance**, **Elastic Cloud Storage**, **ObjectScale**, and several **PowerSwitch** models. The Canadian notice linked Dell advisories including `DSA-2026-041`, `DSA-2026-171`, `DSA-2026-058`, and `DSA-2026-190`, and characterized the activity as a vendor patch and mitigation effort rather than evidence of active exploitation.
5 days ago
Dell Advisories Address Third-Party Component Flaws Across APEX, NetWorker, and Secure Connect Gateway
Dell issued multiple security advisories covering vulnerabilities across a broad set of enterprise products, including **APEX Cloud Platform for Red Hat OpenShift**, **APEX Cloud Platforms Solution Offerings**, **APEX**, **Dell Secure Connect Gateway Appliance**, **Dell Policy Manager for Secure Connect Gateway Appliance**, **Dell NetWorker**, **Dell Storage Monitoring and Reporting**, **Dell Storage Resource Manager**, and **Dell PowerSwitch Z9664F-ON**. The Canadian Centre for Cyber Security said the advisories span both Dell-developed software and bundled third-party components, with specific issues including **Apache Tomcat** vulnerabilities in NetWorker, **rsync** vulnerabilities in Dell networking products, and multiple third-party component flaws in Secure Connect Gateway-related offerings. Affected versions cited in the notices include Dell Policy Manager for Secure Connect Gateway Appliance before `5.32.00.18`, Dell Secure Connect Gateway Appliance before `5.34.00.16`, Dell NetWorker `19.14` and `19.9` through `19.13.0.2`, Dell PowerSwitch Z9664F-ON before `3.54.5.1-11`, and Dell Storage Monitoring and Reporting and Storage Resource Manager before `6.0.0.2`. The Cyber Centre urged organizations to review Dell’s product-specific advisories and apply the required updates to reduce exposure across infrastructure, storage, networking, and cloud platform environments.
1 months ago