CVE-2026-22769

CRITICAL KEV

Dell RecoverPoint <6.0.3.1 HF1 - Auth Bypass

Title source: llm

Description

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

References (3)

[Various Sources] https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079

[Various Sources] https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22769

Scores

CVSS v3 10.0

EPSS 0.3416

EPSS Percentile 96.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2026-02-18

VulnCheck KEV 2026-02-17

ENISA EUVD EUVD-2026-7966

Classification

CWE

CWE-798

Status published

Affected Products (9)

dell/recoverpoint_for_virtual_machines < 6.0

dell/recoverpoint_for_virtual_machines

Timeline

Published Feb 17, 2026

KEV Added Feb 18, 2026

Tracked Since Feb 18, 2026