PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-44268 Dell CVE debrief

CVE-2026-44268 is an incorrect permission assignment for a critical resource vulnerability in Dell PowerProtect Data Domain. A high-privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access. The vulnerability exists in multiple versions of Dell PowerProtect Data Domain, including versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70. The vulnerability has a CVSS score of 4.4 and a severity of MEDIUM. System administrators and security teams should review and update Dell PowerProtect Data Domain systems to the latest version and implement compensating controls to restrict local access to sensitive resources.

Vendor
Dell
Product
PowerProtect Data Domain
CVSS
MEDIUM 4.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-03
Original CVE updated
2026-07-08
Advisory published
2026-07-03
Advisory updated
2026-07-08

Who should care

System administrators and security teams responsible for Dell PowerProtect Data Domain systems should be aware of this vulnerability and take necessary actions to mitigate the risk. They should review and update Dell PowerProtect Data Domain systems to the latest version, implement compensating controls to restrict local access to sensitive resources, and monitor system logs for suspicious activity.

Technical summary

The vulnerability exists in Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70. The vulnerability has a CVSS score of 4.4 and a severity of MEDIUM. A high-privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access. Defenders should review system configurations, apply vendor-provided security updates, and implement compensating controls to restrict local access to sensitive resources.

Defensive priority

Medium priority due to local access requirement and potential for unauthorized access. Defenders should focus on reviewing system configurations, applying vendor-provided security updates, and implementing compensating controls to restrict local access to sensitive resources.

Recommended defensive actions

  • Review and update Dell PowerProtect Data Domain systems to the latest version
  • Implement compensating controls to restrict local access to sensitive resources
  • Monitor system logs for suspicious activity
  • Verify user permissions and access controls
  • Apply vendor-provided security updates
  • Conduct regular security audits to identify potential vulnerabilities
  • Track exceptions and retest remediated assets

Evidence notes

The CVE record was published on 2026-07-03T13:17:15.750Z and was last modified on 2026-07-08T19:33:14.110Z. The NVD entry is currently Analyzed. This vulnerability affects Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70. The vulnerability has a CVSS score of 4.4 and a severity of MEDIUM. There is no evidence of exploitation in the wild, but defenders should verify system configurations and apply vendor-provided security updates.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-03T13:17:15.750Z and has not been modified since then. The NVD entry is currently Analyzed.