CVE-2026-22769

Name: CVE-2026-22769
Creator: NVD / NIST
Published: 2026-02-17T20:22:09.8+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 10/10Actively ExploitedEPSS 13.13%

Last modified Jun 17, 2026

CVE-2026-22769 is a critical-severity vulnerability rated 10/10 on the CVSS scale. Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. CISA has confirmed active exploitation in the wild. EPSS estimates a 13.13% chance of exploitation in the next 30 days.

Description

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

Metrics

CVSS 3.1

10/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Probability

13.13%

95.9th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Feb 21, 2026.

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Dell	Recoverpoint For Virtual Machines	< 6.0
Dell	Recoverpoint For Virtual Machines	6.0

References

https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079Patch, Vendor Advisory
https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-dayThird Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22769US Government Resource

Timeline

Published: Feb 17, 2026
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2026-22769?

How severe is CVE-2026-22769?

CVE-2026-22769 has a CVSS score of 10/10 (CRITICAL severity). The EPSS model estimates a 13.13% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2026-22769?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-22769?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST