CVE-2026-22266

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000429778/dsa-2026-046-security-update-for-dell-powerprotect-data-manager-multiple-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:powerprotect_data_manager:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-19 10:16

Updated : 2026-02-20 16:36

NVD link : CVE-2026-22266

Mitre link : CVE-2026-22266

CVE.ORG link : CVE-2026-22266

JSON object : View

Products Affected

dell

powerprotect_data_manager

CWE

CWE-146

Improper Neutralization of Expression/Command Delimiters

{"id": "CVE-2026-22266", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-02-19T10:16:11.630", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000429778/dsa-2026-046-security-update-for-dell-powerprotect-data-manager-multiple-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-146"}]}], "descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass."}, {"lang": "es", "value": "Dell PowerProtect Data Manager, versi\u00f3n(es) anterior(es) a la 19.22, contiene una vulnerabilidad de Verificaci\u00f3n Incorrecta del Origen de un Canal de Comunicaci\u00f3n en la API REST. Un atacante con altos privilegios con acceso remoto podr\u00eda potencialmente explotar esta vulnerabilidad, lo que lleva a la elusi\u00f3n del mecanismo de protecci\u00f3n."}], "lastModified": "2026-02-20T16:36:07.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:powerprotect_data_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17D7AA01-F2D1-4DCF-BF83-0550AA9CC59A", "versionEndExcluding": "19.22"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}