PatchSiren cyber security CVE debrief
CVE-2026-41123 Dell CVE debrief
A low privileged attacker with remote access could potentially exploit the improper access control vulnerability in Dell PowerProtect Data Domain, leading to information tampering. This vulnerability affects multiple versions of Dell PowerProtect Data Domain and has a CVSS score of 4.3, indicating a medium severity. The vulnerability is related to an improper access control in the RBAC. System administrators and security teams responsible for Dell PowerProtect Data Domain systems should be aware of this vulnerability and take necessary actions to mitigate it. The CVE record was published on 2026-07-03T13:17:10.720Z and was last modified on 2026-07-08T19:34:50.650Z.
- Vendor
- Dell
- Product
- PowerProtect Data Domain
- CVSS
- MEDIUM 4.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-03
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-07-03
- Advisory updated
- 2026-07-08
Who should care
System administrators and security teams responsible for Dell PowerProtect Data Domain systems should be aware of this vulnerability and take necessary actions to mitigate it. This includes reviewing and updating Dell PowerProtect Data Domain systems to ensure they are running a version that addresses this vulnerability, implementing compensating controls to monitor and restrict access to sensitive data, verifying and enforcing proper role-based access control (RBAC) configurations, monitoring system logs for suspicious activity, and considering applying vendor-provided security updates.
Technical summary
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering. The vulnerability has a CVSS score of 4.3, indicating a medium severity. To mitigate this vulnerability, it is recommended to review and update Dell PowerProtect Data Domain systems to ensure they are running a version that addresses this vulnerability.
Defensive priority
Medium priority due to the CVSS score of 4.3 and the potential for information tampering.
Recommended defensive actions
- Review and update Dell PowerProtect Data Domain systems to ensure they are running a version that addresses this vulnerability.
- Implement compensating controls to monitor and restrict access to sensitive data.
- Verify and enforce proper role-based access control (RBAC) configurations.
- Monitor system logs for suspicious activity.
- Consider applying vendor-provided security updates.
- Perform a thorough review of the affected systems and components to identify potential exposure.
- Track exceptions and retest remediated assets to ensure the vulnerability is fully mitigated.
Evidence notes
The CVE record was published on 2026-07-03T13:17:10.720Z and was last modified on 2026-07-08T19:34:50.650Z. The NVD entry is currently Analyzed. This vulnerability affects Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70. The vulnerability is related to an improper access control in the RBAC, which could potentially be exploited by a low privileged attacker with remote access, leading to information tampering. The CVSS score of 4.3 indicates a medium severity. To verify the vulnerability, defenders should review the official CVE record and NVD entry for more information.
Official resources
-
CVE-2026-41123 CVE record
CVE.org
-
CVE-2026-41123 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-03T13:17:10.720Z and has not been modified since then. The NVD entry is currently Analyzed.