CVE-2026-22769
Published: 17 February 2026
Description
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.
Mitigating Controls (NIST 800-53 r5) [AI]
Directly requires identifying, reporting, and correcting critical flaws like hardcoded credentials through timely patching to remediated versions such as 6.0.3.1 HF1.
Mandates proper management of authenticators, prohibiting hardcoded credentials by requiring changes from defaults, protection, and lifecycle controls.
Enables proactive detection of known vulnerabilities like CVE-2026-22769 through regular vulnerability scanning, supporting timely flaw remediation.
Security Summary [AI]
CVE-2026-22769 is a hardcoded credential vulnerability (CWE-798) in Dell RecoverPoint for Virtual Machines, affecting versions prior to 6.0.3.1 HF1. Published on 2026-02-17, it carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), classifying it as critical due to the potential for severe impact.
An unauthenticated remote attacker with knowledge of the hardcoded credential can exploit this flaw over the network with low complexity, gaining unauthorized access to the underlying operating system and establishing root-level persistence.
Dell recommends that customers upgrade to version 6.0.3.1 HF1 or apply one of the specified remediations immediately, as detailed in their advisory DSA-2026-079 at https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079.
The vulnerability appears in CISA's Known Exploited Vulnerabilities Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22769) and has been exploited in the wild by threat actor UNC6201 as a zero-day, per a Google Cloud threat intelligence report (https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day).
Details
- CWE(s)
- KEV Date Added: See CISA KEV catalog
Affected Products
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
Hardcoded credential enables abuse of default/known valid accounts (T1078.001) for initial access; vulnerability in network-exposed software service facilitates exploitation of public-facing application (T1190).