CVE-2026-22769

CRITICAL KEV

Dell RecoverPoint <6.0.3.1 HF1 - Auth Bypass

Title source: llm

Description

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

References (3)

[Various Sources] https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079

[Various Sources] https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22769

Scores

CVSS v3 10.0

EPSS 0.2130

EPSS Percentile 95.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CISA KEV 2026-02-18

VulnCheck KEV 2026-02-17

ENISA EUVD EUVD-2026-7966

CWE

CWE-798

Status published

Products (2)

dell/recoverpoint_for_virtual_machines 6.0 (8 CPE variants)

dell/recoverpoint_for_virtual_machines < 6.0

Published Feb 17, 2026

KEV Added Feb 18, 2026

Tracked Since Feb 18, 2026