DSA-2026-287: Security Update Dell PowerProtect Data Manager for Multiple Security Vulnerabilities

Résumé: Dell PowerProtect Data Manager remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Cet article concerne Cet article ne concerne pas Cet article n’est associé à aucun produit spécifique. Toutes les versions du produit ne sont pas identifiées dans cet article.

Impact

Critical

Détails

Third-party Component

CVEs

More Information

Apache Log4j

CVE-2026-34479, CVE-2026-34480, CVE-2026-34478, CVE-2026-34477, CVE-2026-34481

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Apache Tomcat

CVE-2026-34500, CVE-2026-34487, CVE-2026-34483, CVE-2026-32990, CVE-2026-29146, CVE-2026-29145, CVE-2026-29129, CVE-2026-25854, CVE-2026-34486, CVE-2026-34487, CVE-2026-34500, CVE-2026-29146

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

JetBrains Kotlin

CVE-2020-29582

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Thymeleaf

CVE-2026-40477, CVE-2026-40478

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

OpenTelemetry-Java

CVE-2026-45292

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

SimpleXML

CVE-2017-1000190

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

golang.org/x/net/http2

CVE-2026-27141

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

mongo-go-driver

CVE-2026-2303

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

opentelemetry-go

CVE-2026-39883, CVE-2026-39882

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

jinja2

golang

CVE-2026-33814, CVE-2026-39836, CVE-2026-33811, CVE-2026-39826

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Axios

CVE-2026-40175, CVE-2025-62718, CVE-2026-42043, CVE-2026-42044, CVE-2026-42264

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Leaflet

CVE-2025-69993

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Angular

CVE-2026-32635, CVE-2026-41423

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Linux kernel

CVE-2023-2058, CVE-2023-53817, CVE-2024-38542, CVE-2025-37861, CVE-2025-39817, CVE-2025-39964, CVE-2025-39998, CVE-2025-40099, CVE-2025-40103, CVE-2025-40253, CVE-2025-54518, CVE-2025-71066, CVE-2025-71113, CVE-2025-71231, CVE-2026-23004, CVE-2026-23054, CVE-2026-23060, CVE-2026-23074, CVE-2026-23089, CVE-2026-23103, CVE-2026-23111, CVE-2026-23141, CVE-2026-23157, CVE-2026-23191, CVE-2026-23202, CVE-2026-23204, CVE-2026-23207, CVE-2026-23209, CVE-2026-23214, CVE-2026-23231, CVE-2026-23239, CVE-2026-23240, CVE-2026-23243, CVE-2026-23268, CVE-2026-23269, CVE-2026-23271, CVE-2026-23272, CVE-2026-23273, CVE-2026-23274, CVE-2026-23278, CVE-2026-23293, CVE-2026-23317, CVE-2026-23351, CVE-2026-23381, CVE-2026-23393, CVE-2026-23398, CVE-2026-23403, CVE-2026-23404, CVE-2026-23405, CVE-2026-23406, CVE-2026-23407, CVE-2026-23408, CVE-2026-23409, CVE-2026-23410, CVE-2026-23411, CVE-2026-23412, CVE-2026-23413, CVE-2026-23449, CVE-2026-23450, CVE-2026-23458, CVE-2026-23461, CVE-2026-23462, CVE-2026-31402, CVE-2026-31403, CVE-2026-31405, CVE-2026-31408, CVE-2026-31431, CVE-2026-31436, CVE-2026-31470, CVE-2026-31473, CVE-2026-31504, CVE-2026-31505, CVE-2026-31507, CVE-2026-31512, CVE-2026-31528, CVE-2026-31533, CVE-2026-31570, CVE-2026-31586, CVE-2026-31588, CVE-2026-31602, CVE-2026-31607, CVE-2026-31613, CVE-2026-31614, CVE-2026-31622, CVE-2026-31629, CVE-2026-31649, CVE-2026-31656, CVE-2026-31662, CVE-2026-31669, CVE-2026-31685, CVE-2026-31694, CVE-2026-31700, CVE-2026-31738, CVE-2026-31758, CVE-2026-31787, CVE-2026-31788, CVE-2026-43025, CVE-2026-43027, CVE-2026-43037, CVE-2026-43038, CVE-2026-43044, CVE-2026-43050, CVE-2026-43110, CVE-2026-43120, CVE-2026-43126, CVE-2026-43190, CVE-2026-43206, CVE-2026-43214, CVE-2026-43284, CVE-2026-43329, CVE-2026-43330, CVE-2026-43334, CVE-2026-43362, CVE-2026-43365, CVE-2026-43366, CVE-2026-43437, CVE-2026-43494, CVE-2026-43499, CVE-2026-43501, CVE-2026-43503, CVE-2026-45852, CVE-2026-45910, CVE-2026-45970, CVE-2026-46004, CVE-2026-46021, CVE-2026-46043, CVE-2026-46113, CVE-2026-46114, CVE-2026-46300, CVE-2026-46333

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

XZ Utils

CVE-2026-34743

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

SSH servers

CVE-2025-58181

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

GnuTLS

CVE-2025-14831, CVE-2026-33845, CVE-2026-33846, CVE-2026-3833, CVE-2026-42009, CVE-2026-42010, CVE-2026-42011, CVE-2026-42012, CVE-2026-42013, CVE-2026-42014, CVE-2026-42015, CVE-2026-5260, CVE-2026-5419

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Python cryptography

CVE-2020-25659, CVE-2020-36242, CVE-2023-23931, CVE-2023-38325, CVE-2023-49083, CVE-2024-26130, CVE-2025-3416

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

rpc.mountd daemon

nfs-utils

CVE-2025-12801

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

PyYAML

CVE-2017-18342, CVE-2020-14343, CVE-2020-1747

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

OAuthLib

CVE-2022-36087

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Requests

CVE-2015-2296, CVE-2018-18074, CVE-2023-32681, CVE-2024-35195, CVE-2024-47081

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Python (CPython)

CVE-2025-13462, CVE-2026-1299, CVE-2026-1502, CVE-2026-3446, CVE-2026-3479, CVE-2026-3644, CVE-2026-4224, CVE-2026-4519, CVE-2026-4786, CVE-2026-6019, CVE-2026-6100

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

cloud-init

CVE-2024-11584, CVE-2024-6174

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Oracle Java SE

Oracle GraalVM for JDK

Oracle GraalVM 

CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865, CVE-2026-34268, CVE-2026-34282

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

BIND resolver

CVE-2026-1519

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

pyasn1

CVE-2026-30922

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Sudo

CVE-2026-35535

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

setuptools

CVE-2024-6345, CVE-2025-47273

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

OpenSSH

CVE-2026-3497, CVE-2026-35385, CVE-2026-35388, CVE-2026-35414

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

kjd/idna

CVE-2024-3651

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

XSM/Flask

CVE-2025-54505, CVE-2025-54518, CVE-2025-58150, CVE-2026-23553, CVE-2026-23554, CVE-2026-23555, CVE-2026-23557, CVE-2026-23558, CVE-2026-42487, CVE-2026-42488, CVE-2026-42489, CVE-2026-42490

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

webbrowser.open()

CVE-2020-15523, CVE-2020-15801, CVE-2022-42919, CVE-2022-4303, CVE-2023-41105, CVE-2024-4030, CVE-2024-8088, CVE-2025-12781, CVE-2025-13462, CVE-2025-1795, CVE-2026-1299, CVE-2026-2297, CVE-2026-3479, CVE-2026-3644, CVE-2026-4224, CVE-2026-4519

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Jinja

CVE-2016-10745, CVE-2019-10906, CVE-2019-8341, CVE-2020-28493, CVE-2024-22195, CVE-2024-34064, CVE-2024-56201, CVE-2024-56326, CVE-2025-27516

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

configobj

CVE-2023-26112

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Erlang OTP

CVE-2025-48038, CVE-2025-48039, CVE-2025-48040, CVE-2026-21620, CVE-2026-23941, CVE-2026-23942, CVE-2026-23943, CVE-2026-28808, CVE-2026-32147

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libpng

CVE-2026-33416, CVE-2026-33636

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

pyOpenSSL

CVE-2026-27448, CVE-2026-27459

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

haveged

CVE-2026-41054

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

glibc

CVE-2026-4046, CVE-2026-4437, CVE-2026-4438, CVE-2026-5450, CVE-2026-5928

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libcurl

CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, CVE-2025-15224, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805, CVE-2026-4873, CVE-2026-5545, CVE-2026-6253, CVE-2026-6276, CVE-2026-6429

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

OpenPrinting CUPS

CVE-2026-34990

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

util-linux

CVE-2025-14104, CVE-2026-3184

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

vim

CVE-2026-26269, CVE-2026-28417, CVE-2026-33412, CVE-2026-34714, CVE-2026-34982, CVE-2026-39881, CVE-2026-42307, CVE-2026-43961, CVE-2026-44656, CVE-2026-45130, CVE-2026-46483

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libcap

CVE-2026-4878

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

GNU Tar

CVE-2025-45582

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

postgresql

CVE-2026-2003, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-6472, CVE-2026-6473, CVE-2026-6474, CVE-2026-6475, CVE-2026-6476, CVE-2026-6477, CVE-2026-6478, CVE-2026-6479, CVE-2026-6637, CVE-2026-6638

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

systemd

CVE-2026-29111, CVE-2026-4105

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

busybox

CVE-2026-29004

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

openssl

CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

gdk-pixbuf

CVE-2026-5201

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

openssl

CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789, CVE-2026-31790

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

py

CVE-2020-29651, CVE-2022-42969

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

PostgreSQL

CVE-2026-2003, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-6472, CVE-2026-6473, CVE-2026-6474, CVE-2026-6475, CVE-2026-6476, CVE-2026-6477, CVE-2026-6478, CVE-2026-6479, CVE-2026-6575, CVE-2026-6637, CVE-2026-6638

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

urllib3

CVE-2025-66418, CVE-2025-66471, CVE-2026-21441, CVE-2026-44431

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

samba

CVE-2026-2340, CVE-2026-3012, CVE-2026-3238, CVE-2026-4408, CVE-2026-4480

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libexpat

CVE-2026-24515, CVE-2026-25210, CVE-2026-32776, CVE-2026-32777, CVE-2026-32778

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

libtiff

CVE-2026-4775

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

nghttp2

CVE-2026-27135

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

PyJWT

CVE-2026-32597

https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

 

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2026-40712

Dell PowerProtect Data Manager, versions prior to 20.2.0.0, contain(s) an Improper Input Validation vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

9.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2026-49499

Dell PowerProtect Data Manager, versions prior to 20.2.0.0, contain(s) a Generation of Incorrect Security Tokens vulnerability in the IAM. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

8.8

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2026-46738

Dell PowerProtect Data Manager, versions prior to 20.2.0.0, contain(s) an Improper Input Validation vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

7.2

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2026-40714

Dell PowerProtect Data Manager, versions prior to 20.2.0.0, contain(s) an Improper Input Validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

7.2

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2026-46737

Dell PowerProtect Data Manager, versions prior to 20.2.0.0, contain(s) an Improper Input Validation vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

6.7

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2026-44276

Dell PowerProtect Data Manager, versions prior to 20.2.0.0, contain(s) an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the REST API. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

6.0

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2026-40712

Dell PowerProtect Data Manager, versions prior to 20.2.0.0, contain(s) an Improper Input Validation vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

9.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2026-49499

Dell PowerProtect Data Manager, versions prior to 20.2.0.0, contain(s) a Generation of Incorrect Security Tokens vulnerability in the IAM. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

8.8

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2026-46738

Dell PowerProtect Data Manager, versions prior to 20.2.0.0, contain(s) an Improper Input Validation vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

7.2

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2026-40714

Dell PowerProtect Data Manager, versions prior to 20.2.0.0, contain(s) an Improper Input Validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

7.2

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2026-46737

Dell PowerProtect Data Manager, versions prior to 20.2.0.0, contain(s) an Improper Input Validation vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

6.7

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2026-44276

Dell PowerProtect Data Manager, versions prior to 20.2.0.0, contain(s) an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the REST API. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

6.0

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies recommande à tous les clients de prendre en compte à la fois le score de base CVSS et les scores temporels et environnementaux pertinents qui peuvent avoir un impact sur la gravité potentielle associée à une faille de sécurité donnée.

Produits concernés et mesure corrective

Product

Affected Versions

Remediated Versions

Link

Dell PowerProtect Data Manager

Versions prior to 20.2.0.0

20.2.0.0 or later

PowerProtect Data Manager Drivers and Downloads

 

Product

Affected Versions

Remediated Versions

Link

Dell PowerProtect Data Manager

Versions prior to 20.2.0.0

20.2.0.0 or later

PowerProtect Data Manager Drivers and Downloads

 

Historique des révisions

Revision

Date

Description

1.0

2026-07-14

Initial Release

2.0

2026-07-15

Updated Acknowledgements 

 

Remerciements

  • CVE-2026-44276: Dell would like to thank shauntp for reporting this issue. 
  • CVE-2026-40712: Dell would like to thank WinD39 - Huynh Dinh Vu and Haxship1337 - Huynh Dinh Van for reporting this issue.
  • CVE-2026-46738, CVE-2026-46737, CVE-2026-40714: Dell would like to thank WinD39 - Huynh Dinh Vu for reporting this issue.  

Informations connexes

Produits concernés

Data Protection Suite Series, PowerProtect Data Manager, PowerProtect Data Manager Essentials
Propriétés de l’article
Numéro d’article: 000488847
Type d’article: Dell Security Advisory
Dernière modification: 15 Jul 2026
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.