PatchSiren cyber security CVE debrief
CVE-2026-44268 Dell CVE debrief
CVE-2026-44268 is an incorrect permission assignment for a critical resource vulnerability in Dell PowerProtect Data Domain. A high-privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access. The vulnerability exists in multiple versions of Dell PowerProtect Data Domain, including versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70. The vulnerability has a CVSS score of 4.4 and a severity of MEDIUM. System administrators and security teams should review and update Dell PowerProtect Data Domain systems to the latest version and implement compensating controls to restrict local access to sensitive resources.
- Vendor
- Dell
- Product
- PowerProtect Data Domain
- CVSS
- MEDIUM 4.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-03
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-07-03
- Advisory updated
- 2026-07-08
Who should care
System administrators and security teams responsible for Dell PowerProtect Data Domain systems should be aware of this vulnerability and take necessary actions to mitigate the risk. They should review and update Dell PowerProtect Data Domain systems to the latest version, implement compensating controls to restrict local access to sensitive resources, and monitor system logs for suspicious activity.
Technical summary
The vulnerability exists in Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70. The vulnerability has a CVSS score of 4.4 and a severity of MEDIUM. A high-privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access. Defenders should review system configurations, apply vendor-provided security updates, and implement compensating controls to restrict local access to sensitive resources.
Defensive priority
Medium priority due to local access requirement and potential for unauthorized access. Defenders should focus on reviewing system configurations, applying vendor-provided security updates, and implementing compensating controls to restrict local access to sensitive resources.
Recommended defensive actions
- Review and update Dell PowerProtect Data Domain systems to the latest version
- Implement compensating controls to restrict local access to sensitive resources
- Monitor system logs for suspicious activity
- Verify user permissions and access controls
- Apply vendor-provided security updates
- Conduct regular security audits to identify potential vulnerabilities
- Track exceptions and retest remediated assets
Evidence notes
The CVE record was published on 2026-07-03T13:17:15.750Z and was last modified on 2026-07-08T19:33:14.110Z. The NVD entry is currently Analyzed. This vulnerability affects Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70. The vulnerability has a CVSS score of 4.4 and a severity of MEDIUM. There is no evidence of exploitation in the wild, but defenders should verify system configurations and apply vendor-provided security updates.
Official resources
-
CVE-2026-44268 CVE record
CVE.org
-
CVE-2026-44268 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-03T13:17:15.750Z and has not been modified since then. The NVD entry is currently Analyzed.