PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46467 Dell CVE debrief

A low privileged attacker with local access could potentially exploit this vulnerability in Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70, leading to information exposure. This vulnerability is an insertion of sensitive information into log file vulnerability. System administrators and security teams should prioritize patching this vulnerability to prevent potential information exposure.

Vendor
Dell
Product
PowerProtect Data Domain
CVSS
MEDIUM 5.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-03
Original CVE updated
2026-07-08
Advisory published
2026-07-03
Advisory updated
2026-07-08

Who should care

System administrators and security teams responsible for Dell PowerProtect Data Domain systems should prioritize patching this vulnerability to prevent potential information exposure. This is particularly important for teams managing sensitive data and systems with local access. The vulnerability's CVSS score of 5.8 indicates a medium severity level, but the potential for information exposure makes it a priority for patching.

Technical summary

The vulnerability exists in Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. This vulnerability is an insertion of sensitive information into log file vulnerability. The affected systems include Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70. System administrators and security teams should prioritize patching this vulnerability to prevent potential information exposure.

Defensive priority

Medium priority should be given to patching this vulnerability due to its CVSS score of 5.8 and the potential for information exposure. However, given the low privilege required for exploitation and the local access needed, it may be considered a lower priority compared to vulnerabilities with higher CVSS scores or more severe impacts. Nonetheless, it should be addressed in a timely manner to prevent potential security incidents related to information exposure through log files. Additionally, compensating controls such as monitoring system logs for potential information exposure should be implemented until patching can be completed. This vulnerability could potentially impact system confidentiality if exploited, making it essential for security teams to focus on patching and mitigation efforts promptly. The implementation of compensating controls can help mitigate the risk of information exposure while patching is in progress. Therefore, a medium to high priority should be assigned based on the organization's risk tolerance and the potential impact of information exposure on the systems in question. The priority level should be adjusted according to the specific operational and security context of the affected systems within the organization. Given the potential for information exposure and the affected systems, it is crucial to ensure that security teams are aware of the vulnerability and take appropriate action to mitigate the risk effectively. The vulnerability's impact on system confidentiality and the potential for information exposure through log files should guide the prioritization of patching efforts. In addition to patching, reviewing system logs for signs of potential information exposure and implementing additional monitoring can help reduce the risk associated with this vulnerability. The medium priority assigned to this vulnerability reflects its potential impact and the need for timely mitigation to prevent information exposure through log files in Dell PowerProtect Data Domain systems. The priority level for patching this vulnerability should be aligned with the organization's overall risk management strategy and the specific security posture of

Recommended defensive actions

  • Apply the patches provided by Dell to vulnerable systems.
  • Restrict local access to sensitive systems.
  • Monitor system logs for potential information exposure.
  • Implement compensating controls to detect and respond to potential security incidents.
  • Review system configurations to ensure they align with organizational security policies.
  • Conduct regular security audits to identify and address potential vulnerabilities.
  • Establish a process for tracking and addressing security incidents related to information exposure.

Evidence notes

The CVE record was published on 2026-07-03T13:17:22.990Z and was last modified on 2026-07-08T19:33:06.270Z. The NVD entry is currently Analyzed. This vulnerability affects Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. The information exposure could potentially impact system confidentiality.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-03T13:17:22.990Z and has not been modified since then. The NVD entry is currently Analyzed.