CVE-2026-46467
Summary
| CVE | CVE-2026-46467 |
|---|---|
| State | PUBLISHED |
| Assigner | dell |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-03 13:17:22 UTC |
| Updated | 2026-07-03 13:17:22 UTC |
| Description | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. |
Risk And Classification
Primary CVSS: v3.1 5.8 MEDIUM from [email protected]
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
Problem Types: CWE-532 | CWE-532 CWE-532: Insertion of Sensitive Information into Log File
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 5.8 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L |
| 3.1 | CNA | CVSS | 5.8 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L |
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
HighPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
LowAvailability
LowCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Dell | PowerProtect Data Domain | affected 8.8.0.0 or later semver | Not specified |
| CNA | Dell | PowerProtect Data Domain | affected 8.6.1.20 or later semver | Not specified |
| CNA | Dell | PowerProtect Data Domain | affected 8.3.1.40 or later semver | Not specified |
| CNA | Dell | PowerProtect Data Domain | affected 7.13.1.80 or later semver | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-fo... | [email protected] | www.dell.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.