PatchSiren cyber security CVE debrief
CVE-2026-35154 Dell CVE debrief
CVE-2026-35154 is a Dell PowerProtect Data Domain vulnerability involving improper privilege management. According to the CVE description, a high-privileged attacker with local access could potentially elevate privileges to perform unauthorized delete operations. The issue was publicly disclosed on 2026-04-20 and later modified on 2026-05-11. The NVD record lists CVSS 3.1 severity as MEDIUM (6.3) with local, high-complexity conditions and high privileges required.
- Vendor: Dell
- Product: CVE-2026-35154
- CVSS: MEDIUM 6.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-20
- Original CVE updated: 2026-05-11
- Advisory published: 2026-04-20
- Advisory updated: 2026-05-11
Who should care
Organizations running Dell PowerProtect Data Domain appliances should care, especially administrators and security teams responsible for systems where privileged local access is possible. Because the issue can enable unauthorized delete actions, backup and recovery operations may be at risk if affected systems are exposed to a malicious insider or another actor with an elevated local foothold.
Technical summary
The vulnerability is classified as improper privilege management, mapped in the supplied NVD data to CWE-269. The NVD vector is CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H, indicating local exploitation with high privileges and user interaction. The supplied Dell advisory reference and NVD metadata point to affected Data Domain operating system ranges, including 7.13.1.0 through 7.13.1.70, 8.3.0.0 through 8.3.1.30, and 8.4.0.0 through 8.6.1.0. The CVE description text separately states affected ranges as 7.7.1.0 through 8.7.0.0, LTS2025 8.3.1.0 through 8.3.1.20, and LTS2024 7.13.1.0 through 7.13.1.60, so version applicability should be verified against Dell’s advisory before actioning remediation.
Defensive priority
Medium. The issue requires local high privileges, but it can affect systems that protect backup and deletion workflows, so confirmation and remediation should still be treated as operationally important for Data Domain environments.
Recommended defensive actions
- Review Dell security advisory DSA-2026-060 for the authoritative remediation guidance and affected-version matrix.
- Identify any PowerProtect Data Domain appliances running the affected release lines in your environment.
- Prioritize systems where privileged local access is broadly available or where multiple administrators share access.
- Apply the vendor-recommended update or mitigation as soon as feasible after validating maintenance windows.
- Audit local administrative access paths and limit who can obtain high-privilege shell or appliance access.
- Monitor for unexpected deletion activity or changes to retention, protection, or administrative controls on affected systems.
- Record the version-range discrepancy between the CVE description and NVD criteria and confirm exposure directly with Dell guidance.
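The inventory and discrepancy checks above can be scripted. The following is an added example, not code from Dell, NVD or this page's author: it classifies a Data Domain OS version against both range sets quoted in the technical summary and flags versions where the two sources disagree. The function names and the sample inventory are hypothetical, and it assumes each LTS range in the CVE description governs its own release line (same first three version components).

```python
# Added example, not vendor code. Ranges are copied from this debrief;
# the inventory at the bottom is constructed sample data.

def parse(version):
    """'8.3.1.20' -> (8, 3, 1, 20) so versions compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))

# NVD CPE criteria as quoted on this page (inclusive bounds).
NVD_RANGES = [("7.13.1.0", "7.13.1.70"), ("8.3.0.0", "8.3.1.30"),
              ("8.4.0.0", "8.6.1.0")]

# CVE description text as quoted on this page.
CVE_GENERAL = ("7.7.1.0", "8.7.0.0")
CVE_LTS = {"LTS2025": ("8.3.1.0", "8.3.1.20"),
           "LTS2024": ("7.13.1.0", "7.13.1.60")}

def within(version, bounds):
    low, high = bounds
    return parse(low) <= parse(version) <= parse(high)

def affected_per_nvd(version):
    return any(within(version, r) for r in NVD_RANGES)

def affected_per_cve_text(version):
    # Assumption: an LTS range governs its own release line (same first three
    # components), so the general range is only used for non-LTS versions.
    for bounds in CVE_LTS.values():
        if parse(version)[:3] == parse(bounds[0])[:3]:
            return within(version, bounds)
    return within(version, CVE_GENERAL)

def triage(version):
    """Classify one DD OS version against both sources."""
    nvd, cve = affected_per_nvd(version), affected_per_cve_text(version)
    if nvd and cve:
        return "affected-both-sources"
    if nvd or cve:
        return "sources-disagree"   # confirm against DSA-2026-060
    return "outside-both-ranges"

if __name__ == "__main__":
    # Constructed inventory: hostname -> DD OS version.
    inventory = {"dd-site-a": "8.5.0.0", "dd-site-b": "7.13.1.65",
                 "dd-site-c": "8.7.0.0", "dd-site-d": "8.8.0.0"}
    for host, version in sorted(inventory.items()):
        print(f"{host:10} {version:10} {triage(version)}")
```

Treat the output as a triage aid only; any appliance reported as `sources-disagree` is exactly the case where the Dell advisory has to decide applicability.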
Evidence notes
All substantive claims in this debrief are grounded in the supplied CVE description, NVD metadata, and the Dell advisory reference listed in the source corpus. The CVSS 6.3 MEDIUM rating, CVSS vector, and CWE-269 mapping come from the NVD record in the corpus. Version ranges are taken from the supplied CVE description and NVD CPE criteria; because they are not identical, applicability should be confirmed against the Dell advisory. No exploit steps or unsupported operational details are included.
Official resources
- CVE-2026-35154 CVE record: CVE.org
- CVE-2026-35154 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
Publicly disclosed on 2026-04-20 and modified on 2026-05-11. No KEV listing is indicated in the supplied data.