PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-49814 Dell CVE debrief

CVE-2026-49814 is an OS Command Injection vulnerability in Dell PowerProtect Data Domain. A high-privileged attacker with remote access could exploit this vulnerability, leading to arbitrary command execution. This vulnerability affects Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70. The vulnerability has a CVSS score of 7.2 and is classified as HIGH severity.

Vendor
Dell
Product
PowerProtect Data Domain
CVSS
HIGH 7.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-03
Original CVE updated
2026-07-07
Advisory published
2026-07-03
Advisory updated
2026-07-07

Who should care

Security teams and administrators responsible for Dell PowerProtect Data Domain systems should be aware of this vulnerability and take necessary actions to mitigate the risk. They should review their environments for affected versions and apply patches or updates as recommended by the vendor.

Technical summary

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

Defensive priority

High

Recommended defensive actions

  • Inventory and assess Dell PowerProtect Data Domain systems for vulnerability
  • Apply vendor-provided patches or updates
  • Implement compensating controls, such as network segmentation and access controls
  • Monitor systems for suspicious activity
  • Review and update incident response plans
  • Verify the presence of affected versions in the environment
  • Track exceptions and retest remediated assets

Evidence notes

The CVE record was published on 2026-07-03T15:16:32.610Z and was last modified on 2026-07-07T05:16:51.877Z. The NVD entry is currently Undergoing Analysis. Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 are affected. Security teams should verify the presence of these versions in their environments.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-03T15:16:32.610Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.