PatchSiren cyber security CVE debrief
CVE-2026-53479 Dell CVE debrief
CVE-2026-53479 is an OS command injection vulnerability in Dell PowerProtect Data Domain. A remote high privileged attacker could exploit this vulnerability, leading to protection mechanism bypass. The vulnerability affects Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70. Administrators and users of these versions should apply patches at the earliest opportunity. The vulnerability has a CVSS score of 7.2 and is classified as HIGH severity.
- Vendor
- Dell
- Product
- PowerProtect Data Domain
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-07
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-07-07
- Advisory updated
- 2026-07-08
Who should care
Administrators and users of Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70 should apply patches at the earliest opportunity. This includes operators, platform administrators, vulnerability management teams, and security teams responsible for these systems.
Technical summary
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to protection mechanism bypass.
Defensive priority
High
Recommended defensive actions
- Apply patches at the earliest opportunity
- Restrict access to affected systems
- Monitor for suspicious activity
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-07T14:16:32.410Z and was last modified on 2026-07-07T14:35:12.823Z. The NVD entry is currently Undergoing Analysis. This information is based on the CVE record and NVD entry. Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 are affected. However, specific details about the vulnerability and affected systems should be verified with the official CVE record and vendor advisories.
Official resources
-
CVE-2026-53479 CVE record
CVE.org
-
CVE-2026-53479 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T14:16:32.410Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.