Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-46730

CVE-2026-46730: Dell Data Domain OS Auth Bypass Flaw

CVE-2026-46730 is an authentication bypass vulnerability in Dell PowerProtect Data Domain Operating System that enables unauthorized command execution. This article covers technical details, affected versions, impact, and mitigation.

Published:

CVE-2026-46730 Overview

CVE-2026-46730 is an incorrect authorization vulnerability [CWE-863] in Dell PowerProtect Data Domain. The flaw affects Dell Data Domain Operating System (DD OS) across multiple release trains, including mainline versions 7.7.1.0 through 8.7 and the LTS2026, LTS2025, and LTS2024 branches. A high-privileged attacker with local access can bypass authorization checks and execute unauthorized commands on the appliance. Because Data Domain systems store backup data central to enterprise recovery, unauthorized command execution on the operating system can compromise backup integrity and availability.

Critical Impact

A local, high-privileged attacker can perform unauthorized command execution on Dell PowerProtect Data Domain appliances, undermining the trust boundary of the backup platform.

Affected Products

  • Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7
  • Dell PowerProtect Data Domain LTS2026, versions 8.6.1.0 through 8.6.1.10; LTS2025, versions 8.3.1.0 through 8.3.1.30
  • Dell PowerProtect Data Domain LTS2024, versions 7.13.1.0 through 7.13.1.70

Discovery Timeline

  • 2026-07-03 - CVE-2026-46730 published to NVD
  • 2026-07-08 - Last updated in NVD database

Technical Details for CVE-2026-46730

Vulnerability Analysis

CVE-2026-46730 is classified under [CWE-863] Incorrect Authorization. The Data Domain Operating System validates authentication for a privileged administrative context but fails to correctly enforce authorization for specific command paths available in that context. As a result, an operator-level or otherwise high-privileged local session can invoke functionality that should be restricted to a more limited role or a separate trust boundary.

The outcome is unauthorized command execution within the appliance operating system. On a backup target, that capability can be used to modify configuration, alter retention behavior, or interact with data services that would normally require a distinct privilege boundary. Dell has issued fixed builds across the mainline and LTS branches through the DSA-2026-278 advisory.

Root Cause

The root cause is an authorization check that trusts a caller's existing privilege level as sufficient for a command that requires a stricter check. In systems following [CWE-863], the code path either omits the secondary authorization step or evaluates it against the wrong subject or role. The vulnerability does not stem from authentication failure. Credentials are legitimate, but the appliance does not correctly determine whether those credentials are entitled to the requested operation.

Attack Vector

Exploitation requires local access to the Data Domain appliance and an existing high-privileged account. The attacker interacts with the management interface or command shell exposed by DD OS and invokes the mis-authorized command. No user interaction is required beyond the attacker's own session. The scope is unchanged, and confidentiality, integrity, and availability impacts are each limited to the appliance itself. Refer to the Dell Security Advisory DSA-2026-278 for the vendor's technical description.

Detection Methods for CVE-2026-46730

Indicators of Compromise

  • Execution of privileged DD OS commands by accounts that do not normally run them, particularly outside change windows.
  • Configuration changes to retention lock, replication, or user management that are not tied to an approved ticket.
  • Successful logins from administrative accounts on management interfaces, followed by command activity that deviates from operator baselines.

Detection Strategies

  • Enable and centralize DD OS audit logging, including system show, user, adminaccess, and shell command history, and forward to a SIEM for correlation.
  • Baseline expected administrative commands per account and alert on execution of commands outside that baseline.
  • Correlate local console and SSH session events with configuration change events to identify command sequences that indicate authorization abuse.

Monitoring Recommendations

  • Monitor administrative account usage on all Data Domain appliances and flag privilege changes or new local accounts.
  • Track DD OS software versions across the fleet and alert when appliances remain on vulnerable builds after the patch window.
  • Review backup job integrity and retention lock status on a scheduled cadence to detect unauthorized alterations.

How to Mitigate CVE-2026-46730

Immediate Actions Required

  • Identify all Dell PowerProtect Data Domain appliances and record their DD OS versions against the affected ranges.
  • Apply the fixed DD OS builds listed in Dell Security Advisory DSA-2026-278 on the appropriate mainline or LTS branch.
  • Rotate credentials for high-privileged local accounts and review recent administrative activity for unexpected commands.

Patch Information

Dell has released fixed versions across each affected train. Administrators should upgrade to the remediated build on their supported branch: mainline (post-8.7), LTS2026 (post-8.6.1.10), LTS2025 (post-8.3.1.30), or LTS2024 (post-7.13.1.70). Confirm the exact fixed build for your deployment in the DSA-2026-278 advisory before scheduling the upgrade.

Workarounds

  • Restrict local and management-plane access to Data Domain appliances to a small set of jump hosts and administrators.
  • Enforce multi-person approval for high-privileged accounts and disable unused administrative accounts until patching completes.
  • Segment the backup management network so that only authorized operators can reach the DD OS management interfaces.
bash
# Example: check current DD OS version before and after patching
ssh sysadmin@dd-appliance
system show version
system upgrade status

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.