DSA-2026-053: Security update for Dell Avamar Server and Dell Avamar Virtual Edition Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability
Summary: Dell Avamar Server and Dell Avamar Virtual Edition remediation is available for improper limitation of a pathname to a restricted directory ('path traversal') vulnerability that could be exploited by malicious users to compromise the affected system. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2026-22762 | Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary file delete. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2026-22762 | Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary file delete. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
Affected Products & Remediation
| Product | Affected Versions | Remediated Versions | Link |
| Avamar Server | Versions 19.9 through 19.10 SP1 | Version 19.10 SP1 with CHF 338912 or later | Avamar Server Downloads Area |
| Avamar Virtual Edition | Versions 19.9 through 19.10 SP1 | Version 19.10 SP1 with CHF 338912 or later | Avamar Virtual Edition Downloads Area |
| Dell PowerProtect DP Series Appliance (IDPA) | Versions prior to 2.7.8 | Version 2.7.8 with AV CHF 338912 or later | Avamar Downloads Area |
| Product | Affected Versions | Remediated Versions | Link |
| Avamar Server | Versions 19.9 through 19.10 SP1 | Version 19.10 SP1 with CHF 338912 or later | Avamar Server Downloads Area |
| Avamar Virtual Edition | Versions 19.9 through 19.10 SP1 | Version 19.10 SP1 with CHF 338912 or later | Avamar Virtual Edition Downloads Area |
| Dell PowerProtect DP Series Appliance (IDPA) | Versions prior to 2.7.8 | Version 2.7.8 with AV CHF 338912 or later | Avamar Downloads Area |
Notes:
- The README file, included in the hotfix .zip download package, provides a comprehensive list of vulnerabilities remediate in this cumulative update.
- To schedule a platform security patch installation or server upgrade, please contact Support. Dell recommends upgrading the latest release/version of your product.
- For a detailed example of how to apply an AVP-based hotfix, refer to KB 000069982: How to install an Avamar .avp hotfix using Avamar Installer (AVI).
- Dell PowerProtect DP Series Appliance (IDPA) customers must upgrade to version 2.7.8 available under Dell PowerProtect DP Series Appliance (IDPA), before applying AV CHF 338912 available under Avamar Downloads Area.
Workarounds & Mitigations
None
Revision History
| Revision | Date | Description |
| 1.0 | 2025-02-17 | Initial Release |
| 2.0 | 2025-02-19 | Updated the IDPA affected version 2.7.8 |
Acknowledgements
Dell would like to thank LIUPENG for reporting this issue.
Related Information
Legal Disclaimer
Affected Products
Avamar, Avamar Data Store, Avamar Desktop/Laptop Option, Avamar Server, Avamar Virtual Edition, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance SoftwareArticle Properties
Article Number: 000425796
Article Type: Dell Security Advisory
Last Modified: 19 Feb 2026
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.