1. Home
  2. Vulnerabilities
  3. CVE-2026-22769
Known Exploited Vulnerability
10.0
CRITICAL CVSS 3.1
CVE-2026-22769
Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability - [Actively Exploited]
Description

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

INFO

Published Date :

Feb. 17, 2026, 8:22 p.m.

Last Modified :

Feb. 18, 2026, 8:01 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Dell RecoverPoint for Virtual Machines (RP4VMs) contains an use of hard-coded credentials vulnerability that could allow an unauthenticated remote attacker to gain unauthorized access to the underlying operating system and root-level persistence.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known Ransomware Campaign Use:

Unknown

Notes :

https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 ; https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa ; https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day ; https://nvd.nist.gov/vuln/detail/CVE-2026-22769

Affected Products

The following products are affected by CVE-2026-22769 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Dell recoverpoint_for_virtual_machines
: Total Affected Vendor : 1 | Products : 1
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL c550e75a-17ff-4988-97f0-544cde3820fe
CVSS 3.1 CRITICAL [email protected]
CVSS 3.1 CRITICAL MITRE-CVE
CVSS 3.1 CRITICAL [email protected]
Solution
Upgrade Dell RecoverPoint for Virtual Machines to version 6.0.3.1 HF1 or later.
  • Upgrade Dell RecoverPoint to version 6.0.3.1 HF1.
  • Apply available Dell remediation patches promptly.
Public PoC/Exploit Available at Github

CVE-2026-22769 has a 2 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-22769.

URL Resource
https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 PatchVendor Advisory
https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22769 US Government Resource
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-22769 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-22769 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
Nouaman1945/threat-intel-chatbot

None

Python

Updated: 2 weeks, 1 day ago
0 stars 0 fork 0 watcher
Born at : Feb. 23, 2026, 12:55 a.m. This repo has been linked 2 different CVEs too.
Profile Photo
kapetanios55/SentinelCBContent

None

Shell Python

Updated: 1 week, 4 days ago
0 stars 0 fork 0 watcher
Born at : Feb. 20, 2026, 10:40 p.m. This repo has been linked 23 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-22769 vulnerability anywhere in the article.

  • The Hacker News
OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues

OpenAI on Friday began rolling out Codex Security, an artificial intelligence (AI)-powered security agent that's designed to find, validate, and propose fixes for vulnerabilities. The feature is avail ... Read more

Published Date: Mar 07, 2026 (2 days, 12 hours ago)
  • The Hacker News
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model

Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 have been classified as high, seven have ... Read more

Published Date: Mar 07, 2026 (2 days, 18 hours ago)
  • The Hacker News
Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor

New research from Broadcom's Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in several U.S. companies' networks, including banks, air ... Read more

Published Date: Mar 06, 2026 (3 days, 19 hours ago)
  • The Hacker News
Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) ... Read more

Published Date: Mar 06, 2026 (3 days, 22 hours ago)
  • The Hacker News
Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities

Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in the wild. The vulnerabilities in question are liste ... Read more

Published Date: Mar 05, 2026 (4 days, 14 hours ago)
  • The Hacker News
APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine

Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow. "The ... Read more

Published Date: Mar 05, 2026 (4 days, 19 hours ago)
  • The Hacker News
Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1

Google said it identified a "new and powerful" exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit featured five fu ... Read more

Published Date: Mar 04, 2026 (5 days, 15 hours ago)
  • The Hacker News
CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities (K ... Read more

Published Date: Mar 04, 2026 (6 days ago)
  • The Hacker News
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited

Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild. The vulnerability in question is CVE-2 ... Read more

Published Date: Mar 03, 2026 (6 days, 22 hours ago)
  • europa.eu
Cyber Brief 26-03 - February 2026

Cyber Brief (February 2026)March 2, 2026 – Version: 1TLP:CLEARExecutive summaryWe analysed 303 open source reports for this Cyber Security Brief1.Relating to cyber policy and law enforcement, the Euro ... Read more

Published Date: Mar 02, 2026 (1 week ago)
  • The Hacker News
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system ... Read more

Published Date: Mar 02, 2026 (1 week ago)
  • The Hacker News
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerabili ... Read more

Published Date: Mar 02, 2026 (1 week ago)
  • The Hacker News
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take ov ... Read more

Published Date: Feb 28, 2026 (1 week, 2 days ago)
  • The Hacker News
900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks

The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in D ... Read more

Published Date: Feb 27, 2026 (1 week, 3 days ago)
  • Help Net Security
Week in review: Firmware-level Android backdoor found on tablets, Dell zero-day exploited since 2024

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Security at AI speed: The new CISO reality The CISO role has changed significantly over the past decad ... Read more

Published Date: Feb 22, 2026 (2 weeks, 1 day ago)
  • The Register
CISA gives federal agencies three days to patch actively exploited Dell bug

Uncle Sam's cyber defenders have given federal agencies just three days to patch a maximum-severity Dell bug that's been under active exploitation since at least mid-2024. CISA this week added the fla ... Read more

Published Date: Feb 20, 2026 (2 weeks, 3 days ago)
  • Help Net Security
Microsoft reveals critical Windows Admin Center vulnerability (CVE-2026-26119)

Microsoft has disclosed a privilege-escalation vulnerability in Windows Admin Center (WAC), a browser-based platform widely used by IT administrators and infrastructure teams to manage Windows clients ... Read more

Published Date: Feb 19, 2026 (2 weeks, 4 days ago)
  • Hackread - Cybersecurity News, Data Breaches, AI and More
China-Linked Hackers Use Dell RecoverPoint Flaw to Drop GrimBolt Malware

A major security vulnerability has been identified in a Dell product used by many companies to protect their virtual data. According to reports from Google’s Threat Intelligence Group (GTIG) and the c ... Read more

Published Date: Feb 19, 2026 (2 weeks, 4 days ago)
  • Help Net Security
Bug in widely used VoIP phones allows stealthy network footholds, call interception (CVE-2026-2329)

A critical security vulnerability (CVE-2026-2329) in Grandstream VoIP phones could let hackers remotely take full control of the devices and even intercept calls, Rapid7 researchers discovered. “The v ... Read more

Published Date: Feb 19, 2026 (2 weeks, 4 days ago)
  • security.nl
Amerikaanse overheid moet update voor kritiek Dell-lek binnen 3 dagen uitrollen

Amerikaanse overheidsinstanties moeten een beveiligingsupdate voor een kritieke kwetsbaarheid in Dell RecoverPoint for Virtual Machines binnen drie dagen uitrollen, zo heeft het Amerikaanse cyberagent ... Read more

Published Date: Feb 19, 2026 (2 weeks, 4 days ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-22769 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Feb. 18, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    Added CWE CWE-798
    Added CPE Configuration OR *cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1:*:*:*:*:*:* *cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1_p1:*:*:*:*:*:* *cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1_p2:*:*:*:*:*:* *cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp2:*:*:*:*:*:* *cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp2_p1:*:*:*:*:*:* *cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp3:*:*:*:*:*:* *cpe:2.3:a:dell:recoverpoint_for_virtual_machines:*:*:*:*:*:*:*:* versions up to (excluding) 6.0 *cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:-:*:*:*:*:*:* *cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp3_p1:*:*:*:*:*:*
    Added Reference Type CISA-ADP: https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day Types: Third Party Advisory
    Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22769 Types: US Government Resource
    Added Reference Type Dell: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 Types: Patch, Vendor Advisory
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Feb. 18, 2026

    Action Type Old Value New Value
    Added Reference https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22769
  • New CVE Received by [email protected]

    Feb. 17, 2026

    Action Type Old Value New Value
    Added Description Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    Added CWE CWE-798
    Added Reference https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 10
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact