CVE-2026-22266
CVE-2026-22266 is a medium-severity vulnerability in Dell Powerprotect Data Manager with a CVSS 3.x base score of 4.7. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-146.
Key facts
- Severity: Medium (CVSS 3.x base score 4.7)
- EPSS exploit prediction: 0% (19th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-8337
- Weakness: CWE-146
- Affected product: Dell Powerprotect Data Manager
- Published:
- Last modified:
Description
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.
Frequently asked questions
- What is CVE-2026-22266?
- Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.
- How severe is CVE-2026-22266?
- CVE-2026-22266 has a CVSS 3.x base score of 4.7, rated medium severity. It is exploitable over network with low attack complexity, requires high privileges and no user interaction. Impact on confidentiality is low, integrity low, and availability low.
- Is CVE-2026-22266 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (19th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2026-22266?
- CVE-2026-22266 affects Dell Powerprotect Data Manager. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2026-22266?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2026-22266 have an EU (EUVD) identifier?
- Yes. CVE-2026-22266 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-8337.
- When was CVE-2026-22266 published?
- CVE-2026-22266 was published on 2026-02-19 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:dell:powerprotect_data_manager:*:*:*:*:*:*:*:*
More vulnerabilities in Dell Powerprotect Data Manager
- CVE-2025-43888 — High (CVSS 8.8): Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information…
- CVE-2024-22454 — High (CVSS 8.8): Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for…
- CVE-2023-28062 — High (CVSS 8.8): Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated…
- CVE-2025-43884 — High (CVSS 8.2): Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special…
- CVE-2026-22267 — High (CVSS 8.1): Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability.…
- CVE-2025-43885 — High (CVSS 7.8): Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special…
All CVEs affecting Dell Powerprotect Data Manager →
Other CWE-146 vulnerabilities
- CVE-2024-20329 — Critical (CVSS 9.9): A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated,…
- CVE-2025-53192 — High (CVSS 8.8): ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/Command Delimiters vulnerability in Apache…
- CVE-2023-20035 — High (CVSS 7.8): A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute…
- CVE-2022-4055 — High (CVSS 7.4): When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional…
- CVE-2024-20470 — High (CVSS 7.2): A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN…
- CVE-2025-20237 — Medium (CVSS 6.0): A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat…