CVE-2026-22769
Received Received - Intake
Hardcoded Credential in Dell RecoverPoint VM Enables Root Access

Publication date: 2026-02-17

Last updated on: 2026-02-18

Assigner: Dell

Description
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-17
Last Modified
2026-02-18
Generated
2026-05-27
AI Q&A
2026-02-17
EPSS Evaluated
2026-05-25
NVD
CVE-2026-22769
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines to 6.0 (exc)
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 6.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contains a hardcoded credential vulnerability. This means that the software includes fixed credentials embedded in its code that cannot be changed by users.

An unauthenticated remote attacker who knows these hardcoded credentials could exploit this vulnerability to gain unauthorized access to the underlying operating system.

This access could allow the attacker to achieve root-level persistence, meaning they could maintain control over the system at the highest privilege level.


How can this vulnerability impact me? :

This vulnerability can have a critical impact because it allows an unauthenticated remote attacker to gain unauthorized root-level access to the system.

Such access could lead to complete compromise of the affected system, including the ability to manipulate data, disrupt services, or use the system as a foothold for further attacks.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

Dell recommends that customers upgrade Dell RecoverPoint for Virtual Machines to version 6.0.3.1 HF1 or later.

Applying the available remediations as soon as possible is advised to prevent exploitation of the hardcoded credential vulnerability.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart