PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-44269 Dell CVE debrief

A high privileged attacker with local access could potentially exploit this improper link resolution before file access ('link following') vulnerability in Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70, leading to unauthorized access. The vulnerability class is related to link following, and the likely operational impact is unauthorized access. However, the source-confidence limits and review context are limited.

Vendor
Dell
Product
PowerProtect Data Domain
CVSS
MEDIUM 4.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-03
Original CVE updated
2026-07-07
Advisory published
2026-07-03
Advisory updated
2026-07-07

Who should care

Users of Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70, should be aware of this vulnerability and take necessary actions to protect their systems. The affected operator is the system administrator, and the platform is Dell PowerProtect Data Domain.

Technical summary

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('link following') vulnerability. The vulnerability could allow a high privileged attacker with local access to potentially exploit this vulnerability, leading to unauthorized access. The affected product context is Dell PowerProtect Data Domain, and the defensive impact is related to unauthorized access.

Defensive priority

Medium

Recommended defensive actions

  • Inventory affected Dell PowerProtect Data Domain systems
  • Apply vendor remediation
  • Implement compensating controls
  • Monitor for suspicious activity
  • Exception tracking and retest
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-03T13:17:15.870Z and was last modified on 2026-07-07T18:16:38.567Z. The source details are limited, and further verification is needed to confirm affected scope and severity. Defenders should review the official advisory and CVE record for validation.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-03T13:17:15.870Z and has not been modified since then.