PatchSiren cyber security CVE debrief
CVE-2026-49814 Dell CVE debrief
CVE-2026-49814 is an OS Command Injection vulnerability in Dell PowerProtect Data Domain. A high-privileged attacker with remote access could exploit this vulnerability, leading to arbitrary command execution. This vulnerability affects Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70. The vulnerability has a CVSS score of 7.2 and is classified as HIGH severity.
- Vendor
- Dell
- Product
- PowerProtect Data Domain
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-03
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-03
- Advisory updated
- 2026-07-07
Who should care
Security teams and administrators responsible for Dell PowerProtect Data Domain systems should be aware of this vulnerability and take necessary actions to mitigate the risk. They should review their environments for affected versions and apply patches or updates as recommended by the vendor.
Technical summary
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
Defensive priority
High
Recommended defensive actions
- Inventory and assess Dell PowerProtect Data Domain systems for vulnerability
- Apply vendor-provided patches or updates
- Implement compensating controls, such as network segmentation and access controls
- Monitor systems for suspicious activity
- Review and update incident response plans
- Verify the presence of affected versions in the environment
- Track exceptions and retest remediated assets
Evidence notes
The CVE record was published on 2026-07-03T15:16:32.610Z and was last modified on 2026-07-07T05:16:51.877Z. The NVD entry is currently Undergoing Analysis. Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 are affected. Security teams should verify the presence of these versions in their environments.
Official resources
-
CVE-2026-49814 CVE record
CVE.org
-
CVE-2026-49814 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-03T15:16:32.610Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.