{"api_version":"1","generated_at":"2026-04-22T21:39:06+00:00","cve":"CVE-2026-23853","urls":{"html":"https://cve.report/CVE-2026-23853","api":"https://cve.report/api/cve/CVE-2026-23853.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-23853","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-23853"},"summary":{"title":"CVE-2026-23853","description":"Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to the system.","state":"PUBLISHED","assigner":"dell","published_at":"2026-04-17 08:16:16","updated_at":"2026-04-17 15:13:15"},"problem_types":["CWE-1391","CWE-1391 CWE-1391: Use of Weak Credentials"],"metrics":[{"version":"3.1","source":"security_alert@emc.com","type":"Secondary","score":"8.4","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8.4","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","name":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","refsource":"security_alert@emc.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-23853","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23853","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Dell","product":"PowerProtect Data Domain","version":"affected 8.6.0.0 or later semver","platforms":[]},{"source":"CNA","vendor":"Dell","product":"PowerProtect Data Domain","version":"affected 8.3.1.20 or later semver","platforms":[]},{"source":"CNA","vendor":"Dell","product":"PowerProtect Data Domain","version":"affected 7.13.1.50 or later semver","platforms":[]},{"source":"CNA","vendor":"Dell","product":"PowerProtect Data Domain","version":"affected 2.7.9 with DD OS 8.3.1.30 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"23853","cve":"CVE-2026-23853","epss":"0.000090000","percentile":"0.008970000","score_date":"2026-04-21","updated_at":"2026-04-22 00:07:41"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-23853","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-04-17T12:12:29.935948Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-17T12:12:40.318Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"PowerProtect Data Domain","vendor":"Dell","versions":[{"lessThan":"8.6.0.0 or later","status":"affected","version":"0","versionType":"semver"},{"lessThan":"8.3.1.20 or later","status":"affected","version":"0","versionType":"semver"},{"lessThan":"7.13.1.50 or later","status":"affected","version":"0","versionType":"semver"},{"lessThan":"2.7.9 with DD OS 8.3.1.30","status":"affected","version":"0","versionType":"semver"}]}],"datePublic":"2026-04-15T18:30:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to the system."}],"value":"Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to the system."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1391","description":"CWE-1391: Use of Weak Credentials","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-17T07:16:47.717Z","orgId":"c550e75a-17ff-4988-97f0-544cde3820fe","shortName":"dell"},"references":[{"tags":["vendor-advisory"],"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.1"}}},"cveMetadata":{"assignerOrgId":"c550e75a-17ff-4988-97f0-544cde3820fe","assignerShortName":"dell","cveId":"CVE-2026-23853","datePublished":"2026-04-17T07:16:26.138Z","dateReserved":"2026-01-16T18:05:07.318Z","dateUpdated":"2026-04-17T12:12:40.318Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-17 08:16:16","lastModifiedDate":"2026-04-17 15:13:15","problem_types":["CWE-1391","CWE-1391 CWE-1391: Use of Weak Credentials"],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"23853","Ordinal":"1","Title":"CVE-2026-23853","CVE":"CVE-2026-23853","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"23853","Ordinal":"1","NoteData":"Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to the system.","Type":"Description","Title":"CVE-2026-23853"}]}}}