CVE-2026-22769
Received Received - Intake

Hardcoded Credential in Dell RecoverPoint VM Enables Root Access

Vulnerability report for CVE-2026-22769, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-17

Last updated on: 2026-02-18

Assigner: Dell

Description

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-17
Last Modified
2026-02-18
Generated
2026-07-06
AI Q&A
2026-02-17
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 9 associated CPEs
Vendor Product Version / Range
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines to 6.0 (exc)
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 6.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contains a hardcoded credential vulnerability. This means that the software includes fixed credentials embedded in its code that cannot be changed by users.

An unauthenticated remote attacker who knows these hardcoded credentials could exploit this vulnerability to gain unauthorized access to the underlying operating system.

This access could allow the attacker to achieve root-level persistence, meaning they could maintain control over the system at the highest privilege level.

Impact Analysis

This vulnerability can have a critical impact because it allows an unauthenticated remote attacker to gain unauthorized root-level access to the system.

Such access could lead to complete compromise of the affected system, including the ability to manipulate data, disrupt services, or use the system as a foothold for further attacks.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

Dell recommends that customers upgrade Dell RecoverPoint for Virtual Machines to version 6.0.3.1 HF1 or later.

Applying the available remediations as soon as possible is advised to prevent exploitation of the hardcoded credential vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22769. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart