CVE-2026-22769

CRITICALCISA KEV

10.0

Description

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

Details CVE

Score CVSS v3.110.0

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie2/17/2026

Derniere modification2/20/2026

Sourcekev

Observations honeypot0

CISA KEV

FournisseurDell

ProduitRecoverPoint for Virtual Machines (RP4VMs)

Nom vulnerabiliteDell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability

Date ajout KEV2026-02-18

Date limite remediation2026-02-21

Utilise dans ransomwareUnknown

Produits affectes

dell:recoverpoint_for_virtual_machines

Faiblesses (CWE)

CWE-798CWE-798

References

https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079(security_alert@emc.com)

https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22769(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.