Home / Vulnerabilities / CVE-2026-22769
CRITICAL SEVERITY
CVE-2026-22769Dell · RecoverPoint for Virtual Machines (RP4VMs)

Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability

Technical Severity

CVSS v3.1 Metrics

CRITICAL
10 / 10
Minimal Risk Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitation Likelihood

EPSS Prediction

28.78 %
Predictive Probability
Percentile Rank
96.4 th

Documented as more likely to be exploited than 96.4% of known CVEs.

Detection Date

Feb 18, 2026

Remediation Due

Feb 21, 2026

CISA Catalog Active

Threat Analysis

Dell RecoverPoint for Virtual Machines (RP4VMs) contains an use of hard-coded credentials vulnerability that could allow an unauthenticated remote attacker to gain unauthorized access to the underlying operating system and root-level persistence.

Remediation Directive

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

External Intelligence

https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079

https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079

https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa

https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa

https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day

https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day

NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2026-22769