CVE-2026-22769

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-798

Threats tracking this CVE

• Dell RecoverPoint for VMs Zero-Day (CVE-2026-22769) — CVSS 10.0, PRC-Nexus UNC6201/Silk Typhoon, BRICKSTORM/GRIMBOLT/SLAYSTYLE, VMware Ghost NIC Pivoting, iptables SPA — CRITICAL

References

• https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079
• https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22769

Markdown version · Threadlinqs Intelligence