PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-41123 Dell CVE debrief

A low privileged attacker with remote access could potentially exploit the improper access control vulnerability in Dell PowerProtect Data Domain, leading to information tampering. This vulnerability affects multiple versions of Dell PowerProtect Data Domain and has a CVSS score of 4.3, indicating a medium severity. The vulnerability is related to an improper access control in the RBAC. System administrators and security teams responsible for Dell PowerProtect Data Domain systems should be aware of this vulnerability and take necessary actions to mitigate it. The CVE record was published on 2026-07-03T13:17:10.720Z and was last modified on 2026-07-08T19:34:50.650Z.

Vendor
Dell
Product
PowerProtect Data Domain
CVSS
MEDIUM 4.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-03
Original CVE updated
2026-07-08
Advisory published
2026-07-03
Advisory updated
2026-07-08

Who should care

System administrators and security teams responsible for Dell PowerProtect Data Domain systems should be aware of this vulnerability and take necessary actions to mitigate it. This includes reviewing and updating Dell PowerProtect Data Domain systems to ensure they are running a version that addresses this vulnerability, implementing compensating controls to monitor and restrict access to sensitive data, verifying and enforcing proper role-based access control (RBAC) configurations, monitoring system logs for suspicious activity, and considering applying vendor-provided security updates.

Technical summary

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering. The vulnerability has a CVSS score of 4.3, indicating a medium severity. To mitigate this vulnerability, it is recommended to review and update Dell PowerProtect Data Domain systems to ensure they are running a version that addresses this vulnerability.

Defensive priority

Medium priority due to the CVSS score of 4.3 and the potential for information tampering.

Recommended defensive actions

  • Review and update Dell PowerProtect Data Domain systems to ensure they are running a version that addresses this vulnerability.
  • Implement compensating controls to monitor and restrict access to sensitive data.
  • Verify and enforce proper role-based access control (RBAC) configurations.
  • Monitor system logs for suspicious activity.
  • Consider applying vendor-provided security updates.
  • Perform a thorough review of the affected systems and components to identify potential exposure.
  • Track exceptions and retest remediated assets to ensure the vulnerability is fully mitigated.

Evidence notes

The CVE record was published on 2026-07-03T13:17:10.720Z and was last modified on 2026-07-08T19:34:50.650Z. The NVD entry is currently Analyzed. This vulnerability affects Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70. The vulnerability is related to an improper access control in the RBAC, which could potentially be exploited by a low privileged attacker with remote access, leading to information tampering. The CVSS score of 4.3 indicates a medium severity. To verify the vulnerability, defenders should review the official CVE record and NVD entry for more information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-03T13:17:10.720Z and has not been modified since then. The NVD entry is currently Analyzed.