CVE-2026-46467 in PowerProtect Data Domaininfo

Summary

by MITRE • 07/03/2026

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 07/04/2026

The Dell PowerProtect Data Domain systems present a significant security weakness classified as sensitive data exposure through log file manipulation. This vulnerability affects multiple release versions across different support lifecycles including 7.7.1.0 through 8.7, LTS2026 release versions 8.6.1.0 through 8.6.1.10, LTS2025 release versions 8.3.1.0 through 8.3.1.30, and LTS2024 release versions 7.13.1.0 through 7.13.1.70. The flaw resides in how the system handles sensitive information during logging operations, creating potential exposure pathways for unauthorized parties.

This vulnerability represents a classic case of insecure logging practices where sensitive data elements are inadvertently written to log files without proper sanitization or access controls. The technical implementation appears to lack adequate input validation and data masking mechanisms when processing user requests or system operations that may contain confidential information. Attackers exploiting this weakness could potentially extract credentials, session tokens, personal identifiable information, or other proprietary data from the system's logging infrastructure.

The operational impact of this vulnerability extends beyond simple information disclosure as it creates persistent exposure windows within the system's audit trail. Low privileged local attackers with access to the system can leverage this flaw to gain insights into system internals, user activities, and potentially sensitive operational data. This exposure could facilitate further attacks by providing attackers with additional intelligence about system configurations, user behavior patterns, or potential security gaps within the environment.

From a cybersecurity framework perspective, this vulnerability aligns with CWE-209, which addresses information exposure through log files, and may also relate to CWE-532, concerning insertion of sensitive information into log files. The attack surface analysis reveals that this weakness operates at the application level within the system's logging components, potentially enabling adversaries to perform reconnaissance activities through log file enumeration and extraction techniques. The ATT&CK framework categorizes this under T1070.001 for indicator removal on host and T1562.001 for disabling security tools, as attackers might exploit this vulnerability to cover their tracks while accessing sensitive system information.

Mitigation strategies should focus on implementing robust log sanitization processes that automatically redact or mask sensitive data elements before writing to log files. System administrators must ensure proper access controls are enforced on log file directories and implement monitoring solutions to detect unauthorized access attempts to logging infrastructure. Additionally, regular security assessments of logging configurations and mandatory patching procedures should be established to address this vulnerability across all supported release versions. Organizations should also consider implementing centralized logging solutions with enhanced filtering capabilities and establish clear data handling policies for sensitive information within system audit trails.

Responsible

Dell

Reservation

05/14/2026

Disclosure

07/03/2026

Moderation

accepted

CPE

ready

EPSS

0.00085

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!