Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of

Description

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

Affected Products

Vendor	Product	Versions
dell	recoverpoint_for_virtual_machines	< 6.0, < 6.0.3.1 HF1

References

https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079(Patch, Vendor Advisory)
https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day(Third Party Advisory)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22769(US Government Resource)

Related News (1 articles)

Tier C

Mandiant Blog5h ago

vSphere and BRICKSTORM Malware: A Defender's Guide

→ No new info (linked only)

CVSS 3.110.0 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

6.0

CWECWE-798, CWE-798

PublishedFeb 17, 2026

Last enriched5h agov2

Trending Score0

Source articles1

Independent1

Info Completeness11/14

Missing: epss, iocs, mitre_attack

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (5)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History