Is Recoverpoint For Virtual Machines affected by CVE-2026-22769?

Dell RecoverPoint Virtual Machines contain hardcoded root credentials that allow unauthenticated attackers to gain complete control of backup and replication infrastructure.

CVE-2026-22769

CRITICAL

2026-02-17 [email protected]

10.0

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

Added to CISA KEV

Feb 20, 2026 - 02:00 cisa

CISA KEV

Patch Released

Feb 20, 2026 - 02:00 nvd

Patch available

CVE Published

Feb 17, 2026 - 20:22 nvd

CRITICAL 10.0

Description

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

Analysis

Dell RecoverPoint for Virtual Machines prior to 6.0.3.1 HF1 contains hardcoded credentials (CVE-2026-22769, CVSS 10.0) that allow unauthenticated remote attackers with knowledge of the credentials to gain root-level access to the underlying operating system. KEV-listed, this vulnerability exposes disaster recovery infrastructure to complete compromise, potentially affecting the integrity of backup and replication data.

Remediation

Within 24 hours: Identify all Dell RecoverPoint VMs in your environment and isolate them from production networks if possible; verify current version status. Within 7 days: Apply vendor patch 6.0.3.1 HF1 or later to all affected systems; change all hardcoded credentials immediately post-patching. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

134

Low Medium High Critical

KEV: +50

EPSS: +34.2

CVSS: +50

POC: 0

CVE-2026-22769 vulnerability details – vuln.today

Back

CVE-2026-22769

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-22769

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code