DSA-2026-158: Security Update Dell PowerProtect Data Manager for Multiple Security Vulnerabilities
Summary: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
|
Third-party Component |
CVEs |
More Information |
|
PPDM Core: Logback |
CVE-2025-11226, CVE-2024-12801, CVE-2024-12798 |
|
|
Apache Tomcat |
CVE-2025-61795 |
|
|
Spring Framework |
CVE-2025-22235, CVE-2025-41249, CVE-2025-22233 |
|
|
Spring Security |
CVE-2025-22228 |
|
|
Apache Commons FileUpload |
CVE-2025-48976 |
|
|
json-smart |
CVE-2024-57699 |
|
|
reactor-netty |
CVE-2025-22227 |
|
|
Apache Log4j |
CVE-2025-68161 |
|
|
AssertJ - Fluent Assertions for Java |
CVE-2026-24400 |
|
|
PPDM Reporting: Infinispan |
CVE-2025-5731 |
|
|
Logback |
CVE-2025-11226 |
|
|
Netty Project |
CVE-2025-59419 |
|
|
OpenSSH |
CVE-2016-20012, CVE-2020-14145, CVE-2021-28041, CVE-2021-36368, CVE-2023-38408, CVE-2023-48795, CVE-2025-26465 |
|
|
Spring Framework |
CVE-2025-41254 |
|
|
XMLUnit |
CVE-2024-31573 |
|
|
Angular |
CVE-2025-59052 |
|
|
brace-expansion |
CVE-2025-5889 |
|
|
crypto/tls |
CVE-2025-68121 |
|
|
Operating System (OS) |
CVE-2026-0672, CVE-2026-0865, CVE-2026-0861, CVE-2026-0915, CVE-2026-22695, CVE-2026-22801, CVE-2026-25646, CVE-2026-24882, CVE-2026-22795, CVE-2026-22796, CVE-2025-11187, CVE-2025-15467, CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-26157, CVE-2026-26158, CVE-2026-23490, CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945, CVE-2025-40257, CVE-2025-40259, CVE-2025-68284, CVE-2025-68285, CVE-2025-68775, CVE-2025-68813, CVE-2025-71085, CVE-2026-22999, CVE-2026-23001, CVE-2026-23010 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2026-28266 |
Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) a Weak Encoding for Password vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. |
7.1 |
|
|
CVE-2026-28264 |
|
3.3 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2026-28266 |
Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) a Weak Encoding for Password vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. |
7.1 |
|
|
CVE-2026-28264 |
|
3.3 |
Affected Products & Remediation
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell PowerProtect Data Manager |
Versions prior to 20.1.0.0 |
Version 20.1.0.0 or later |
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell PowerProtect Data Manager |
Versions prior to 20.1.0.0 |
Version 20.1.0.0 or later |
Revision History
|
Revision |
Date |
Description |
|
1.0 |
2026-04-01 |
Initial Release |
|
2.0 |
2026-04-04 |
Updated for enhanced presentation |
|
3.0 |
2026-04-07 |
Updated the Third Party Components section to include CVE-2025-68121 |
|
4.0 |
2026-04-14 |
Updated the Proprietary Code section to included CVE-2026-28266 |
Related Information
Legal Disclaimer
Affected Products
PowerProtect Data Manager Appliance, PowerProtect Data Manager, PowerProtect Data Manager Essentials, PowerProtect Data Manager SoftwareArticle Properties
Article Number: 000447277
Article Type: Dell Security Advisory
Last Modified: 14 Apr 2026
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.