🔴 CVE-2026-22769

Dell RecoverPoint for VMs contains hardcoded credentials allowing unauthenticated remote attackers to gain root-level access to the underlying OS. This critical vulnerability is under active exploitation in the wild.

Risk Level: HIGH_RISK

CVSS Score: 10.0

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: MEDIUM

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2026-02-17

Added to CISA KEV: 2026-02-18 (1 day between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-02-18)

The CVE-2026-22769 vulnerability, affecting Dell RecoverPoint for Virtual Machines versions prior to 6.0.3.1 HF1, is a critical hardcoded credential vulnerability that is under active exploitation [2].

Here's a breakdown of what is known:

  • Internet-Facing Applications/Services: The vulnerability affects Dell RecoverPoint for Virtual Machines. While the sources do not explicitly state whether it is exclusively internet-facing, the nature of hardcoded credentials can pose a significant risk if the service is accessible remotely.
  • Evidence of Active Exploitation: There is clear evidence of active exploitation in the wild [2].
  • Attack Vectors and Exploitation Methods: The vulnerability involves hardcoded credentials. An unauthenticated remote attacker with knowledge of these credentials can exploit this flaw to gain unauthorized access to the underlying operating system and achieve root-level persistence [1].
  • Targeted Attacks: While the provided information confirms active exploitation, it does not specify if CVE-2026-22769 has been used in targeted attacks. However, the potential for root-level persistence suggests it could be a valuable tool for sophisticated attackers.
  • CISA Known Exploited Vulnerabilities (KEV) Status: As of the provided information, CVE-2026-22769 is not listed on CISA's Known Exploited Vulnerabilities (KEV) Catalog [3]. CISA regularly updates this catalog based on evidence of active exploitation [4][5].
  • Technical Details about Internet Exploitability: The vulnerability allows an unauthenticated remote attacker to exploit the hardcoded credentials. This grants them unauthorized access to the operating system, enabling them to establish persistence at the root level [1].

Sources

  1. Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited...

    The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded credentials affecting versions prior to 6.0.3.1 HF1. Other products, including RecoverPoint Classic, are not vulnerable to the flaw. "This is considered critical as an unauthenticated remote attacker wi…

  2. CVE-2026-22769: Dell RecoverPoint Zero-Day Exploited — Analyst Advisory

    Critical unauthenticated hardcoded-credential vulnerability in Dell RecoverPoint is under active exploitation. CVE-2026-22769 Immediate patching and network isolation recommended.

  3. Known Exploited Vulnerabilities Catalog - CISA

    For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catal…

  4. CISA Adds Six Known Exploited Vulnerabilities to Catalog

    CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-21510…

  5. CISA Adds Four Known Exploited Vulnerabilities to Catalog

    CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.