CVE-2026-22769
Received Received - Intake
Hardcoded Credential in Dell RecoverPoint VM Enables Root Access

Publication date: 2026-02-17

Last updated on: 2026-02-18

Assigner: Dell

Description
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-17
Last Modified
2026-02-18
Generated
2026-06-16
AI Q&A
2026-02-17
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22769
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines to 6.0 (exc)
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 6.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contains a hardcoded credential vulnerability. This means that the software includes fixed credentials embedded in its code that cannot be changed by users.

An unauthenticated remote attacker who knows these hardcoded credentials could exploit this vulnerability to gain unauthorized access to the underlying operating system.

This access could allow the attacker to achieve root-level persistence, meaning they could maintain control over the system at the highest privilege level.

Impact Analysis

This vulnerability can have a critical impact because it allows an unauthenticated remote attacker to gain unauthorized root-level access to the system.

Such access could lead to complete compromise of the affected system, including the ability to manipulate data, disrupt services, or use the system as a foothold for further attacks.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

Dell recommends that customers upgrade Dell RecoverPoint for Virtual Machines to version 6.0.3.1 HF1 or later.

Applying the available remediations as soon as possible is advised to prevent exploitation of the hardcoded credential vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22769. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart