CVE-2026-35154

MEDIUM

6.3

Description

Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege management vulnerability in IDRAC. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges to access unauthorized delete operation in IDRAC.

CVE Details

CVSS v3.1 Score6.3

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Attack VectorLOCAL

ComplexityHIGH

Privileges RequiredHIGH

User InteractionREQUIRED

Published4/20/2026

Last Modified4/20/2026

Sourcenvd

Honeypot Sightings0

Weaknesses (CWE)

CWE-269

References

https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities(security_alert@emc.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.