DSA-2026-046: Security Update for Dell PowerProtect Data Manager Multiple Vulnerabilities

Summary: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Third-party Component

CVEs

More Information

kernel-default 5.14.21-150400.24.187.3

CVE-2022-50280, CVE-2022-50327, CVE-2022-50334, CVE-2022-50470, CVE-2022-50471, CVE-2022-50472, CVE-2022-50475, CVE-2022-50478, CVE-2022-50480, CVE-2022-50482, CVE-2022-50484, CVE-2022-50485, CVE-2022-50487, CVE-2022-50488, CVE-2022-50489, CVE-2022-50490, CVE-2022-50492, CVE-2022-50493, CVE-2022-50494, CVE-2022-50496, CVE-2022-50497, CVE-2022-50498, CVE-2022-50499, CVE-2022-50501, CVE-2022-50503, CVE-2022-50504, CVE-2022-50505, CVE-2022-50509, CVE-2022-50511, CVE-2022-50512, CVE-2022-50513, CVE-2022-50514, CVE-2022-50516, CVE-2022-50519, CVE-2022-50520, CVE-2022-50521, CVE-2022-50523, CVE-2022-50525, CVE-2022-50528, CVE-2022-50529, CVE-2022-50530, CVE-2022-50532, CVE-2022-50534, CVE-2022-50535, CVE-2022-50537, CVE-2022-50541, CVE-2022-50542, CVE-2022-50544, CVE-2022-50545, CVE-2022-50546, CVE-2022-50549, CVE-2022-50551, CVE-2022-50553, CVE-2022-50556, CVE-2022-50559, CVE-2022-50560, CVE-2022-50561, CVE-2022-50562, CVE-2022-50563, CVE-2022-50564, CVE-2022-50566, CVE-2022-50567, CVE-2022-50568, CVE-2022-50570, CVE-2022-50572, CVE-2022-50574, CVE-2022-50575, CVE-2022-50576, CVE-2022-50578, CVE-2022-50579, CVE-2022-50580, CVE-2022-50581, CVE-2022-50582, CVE-2023-53365, CVE-2023-53500, CVE-2023-53533, CVE-2023-53534, CVE-2023-53541, CVE-2023-53542, CVE-2023-53548, CVE-2023-53551, CVE-2023-53552, CVE-2023-53553, CVE-2023-53554, CVE-2023-53556, CVE-2023-53559, CVE-2023-53560, CVE-2023-53564, CVE-2023-53566, CVE-2023-53567, CVE-2023-53568, CVE-2023-53571, CVE-2023-53572, CVE-2023-53574, CVE-2023-53576, CVE-2023-53579, CVE-2023-53582, CVE-2023-53587, CVE-2023-53589, CVE-2023-53592, CVE-2023-53594, CVE-2023-53597, CVE-2023-53603, CVE-2023-53604, CVE-2023-53605, CVE-2023-53607, CVE-2023-53608, CVE-2023-53611, CVE-2023-53612, CVE-2023-53615, CVE-2023-53616, CVE-2023-53617, CVE-2023-53619, CVE-2023-53622, CVE-2023-53625, CVE-2023-53626, CVE-2023-53631, CVE-2023-53637, CVE-2023-53639, CVE-2023-53640, CVE-2023-53641, CVE-2023-53644, CVE-2023-53648, CVE-2023-53650, CVE-2023-53651, CVE-2023-53658, CVE-2023-53659, CVE-2023-53662, CVE-2023-53667, CVE-2023-53668, CVE-2023-53670, CVE-2023-53673, CVE-2023-53674, CVE-2023-53675, CVE-2023-53676, CVE-2023-53679, CVE-2023-53680, CVE-2023-53681, CVE-2023-53683, CVE-2023-53687, CVE-2023-53692, CVE-2023-53693, CVE-2023-53695, CVE-2023-53696, CVE-2023-53700, CVE-2023-53704, CVE-2023-53705, CVE-2023-53708, CVE-2023-53709, CVE-2023-53711, CVE-2023-53715, CVE-2023-53717, CVE-2023-53718, CVE-2023-53719, CVE-2023-53722, CVE-2023-53723, CVE-2023-53724, CVE-2023-53725, CVE-2023-53726, CVE-2023-53730, CVE-2023-7324, CVE-2025-39742, CVE-2025-39898, CVE-2025-39945, CVE-2025-39965, CVE-2025-39967, CVE-2025-39968, CVE-2025-39973, CVE-2025-39978, CVE-2025-40018, CVE-2025-40040, CVE-2025-40044, CVE-2025-40048, CVE-2025-40088, CVE-2025-40102, CVE-2025-40121, CVE-2025-40154, CVE-2025-40204

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Net-snmp

CVE-2025-68615

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Jinja / Jinja2

CVE-2025-27516

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Vim

CVE-2025-53905, CVE-2025-53906, CVE-2025-55157, CVE-2025-55158

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

GnuPG

CVE-2025-30258, CVE-2025-68973

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

GLib

CVE-2025-13601, CVE-2025-14087, CVE-2025-14512, CVE-2025-3360, CVE-2025-4373, CVE-2025-7039

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Xen

CVE-2025-27466, CVE-2025-58142, CVE-2025-58143, CVE-2025-58147, CVE-2025-58148

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

containerd

CVE-2024-25621, CVE-2024-40635, CVE-2025-64329

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

PostgreSQL

CVE-2025-12817, CVE-2025-12818

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

OpenSSL

CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

runc

CVE-2025-31133, CVE-2025-52565, CVE-2025-52881

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

BIND 9 (ISC DNS Resolver)

CVE-2025-40778, CVE-2025-40780

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Oracle Java SE / Oracle GraalVM

CVE-2025-53057, CVE-2025-53066

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libpng

CVE-2025-64505, CVE-2025-64506, CVE-2025-64720, CVE-2025-65018, CVE-2025-66293

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

OpenSSH

CVE-2025-61984, CVE-2025-61985

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

GNU Binutils

CVE-2025-0840, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1147, CVE-2025-1148, CVE-2025-1149, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-1176, CVE-2025-1178, CVE-2025-1179, CVE-2025-1180, CVE-2025-1181, CVE-2025-1182, CVE-2025-3198, CVE-2025-5244, CVE-2025-5245, CVE-2025-7545, CVE-2025-7546, CVE-2025-8224, CVE-2025-8225

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2026-22266

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Neutralization of Expression/Command Delimiters vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

8.8

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2026-22267

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

8.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2026-22268

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection.

6.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2026-22269

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.

4.7

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2026-22266

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Neutralization of Expression/Command Delimiters vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

8.8

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2026-22267

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

8.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2026-22268

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection.

6.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2026-22269

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.

4.7

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product

Affected Versions

Remediated Versions

Link

Dell PowerProtect Data Manager

Versions prior to 19.22.0-24

19.22.0-24 or later

PPDM 19.22 Drivers & Downloads

Product

Affected Versions

Remediated Versions

Link

Dell PowerProtect Data Manager

Versions prior to 19.22.0-24

19.22.0-24 or later

PPDM 19.22 Drivers & Downloads

The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Please see additional details: Secure Serviceability Letter on PowerProtect Data Manager v19.x

Revision History

Revision

Date

Description

1.0

2026-02-18

Initial Release

2.0

2026-02-18

Enhanced formatting with no change to content

Acknowledgements

CVE-2026-22266, CVE-2026-22267, CVE-2026-22268, CVE-2026-22269 : Dell would like to thank brocked200 (Nguyen Quoc Khanh) for reporting these issues. 

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

PowerProtect Data Manager Appliance, PowerProtect Data Manager, PowerProtect Data Manager Essentials
Article Properties
Article Number: 000429778
Article Type: Dell Security Advisory
Last Modified: 19 Feb 2026
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.