Volerion logoVolerion
Volerion logoVolerion

Dell PowerProtect Data Domain OS Command Injection Vulnerability Allowing Arbitrary Command Execution as Root

Vulnerability

A command injection vulnerability has been identified in Dell PowerProtect Data Domain versions 8.5 prior to 8.6. A high-privileged attacker with remote access could exploit this vulnerability to execute arbitrary commands with root privileges. The issue arises from improper neutralization of special elements used in operating system commands.

Impact

Exploitation of this vulnerability could lead to unauthorized arbitrary command execution with root privileges on the affected system.

Remediation

Users can upgrade to Dell PowerProtect Data Domain version 8.6.1.10, 8.7.0.0 or later. For detailed upgrade instructions, refer to the Dell PowerProtect Data Domain Upgrade Guide. After upgrading, some security scanners may still report false positive findings. For more information on these false positives, consult the respective Dell False Positive Security Vulnerabilities Knowledge Base articles.

Added: Apr 20, 2026, 5:45 PM
Updated: Apr 20, 2026, 5:45 PM

Vulnerability Rating

Custom Algorithm
spread
4.5
impact
7.5
exploitability
4.4
remediation
7.7
relevance
6.3
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.