PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46468 Dell CVE debrief

A high privileged attacker with local access could potentially exploit the link following vulnerability in Dell PowerProtect Data Domain, leading to information exposure. This vulnerability affects Dell PowerProtect Data Domain systems, particularly versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70. The vulnerability is related to an improper link resolution before file access ('Link following') issue. The CVE record was published on 2026-07-03T13:17:23.110Z and was last modified on 2026-07-08T19:33:04.140Z. The NVD entry is currently Analyzed. System administrators and security teams should review and validate affected scope, severity, and vendor guidance.

Vendor
Dell
Product
PowerProtect Data Domain
CVSS
MEDIUM 4.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-03
Original CVE updated
2026-07-08
Advisory published
2026-07-03
Advisory updated
2026-07-08

Who should care

System administrators and security teams responsible for Dell PowerProtect Data Domain systems, particularly those with high-privileged local access, should be aware of this vulnerability. They should review the official CVE record and vendor advisory for affected scope, severity, and guidance. Additionally, operators and platform administrators should verify and limit local high-privileged access to mitigate potential exposure.

Technical summary

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70, contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. The vulnerability is related to an improper link resolution before file access ('Link following') issue.

Defensive priority

Medium priority due to local access requirement and potential for information exposure.

Recommended defensive actions

  • Inventory and assess Dell PowerProtect Data Domain systems for vulnerability
  • Apply vendor-provided security updates
  • Implement compensating controls, such as monitoring and access restrictions
  • Verify and limit local high-privileged access
  • Review and validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-03T13:17:23.110Z and was last modified on 2026-07-08T19:33:04.140Z. The NVD entry is currently Analyzed. This vulnerability affects Dell PowerProtect Data Domain systems, particularly versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70. The vulnerability is related to an improper link resolution before file access ('Link following') issue. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. To verify and mitigate this vulnerability, defenders should review the official CVE record and vendor advisory for affected scope, severity, and guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-03T13:17:23.110Z and has not been modified since then. The NVD entry is currently Analyzed.