Description
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.
Published: 2026-02-17
Score: 10 Critical
EPSS: 13.1% Moderate
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a hardcoded credential vulnerability in Dell RecoverPoint for Virtual Machines. An attacker who knows the credential can authenticate without proper authorization and gain control of the host operating system. With that access, the attacker can place themselves with root‑level persistence, allowing full compromise of the environment the virtual machine platform protects.

Affected Systems

Dell RecoverPoint for Virtual Machines, all releases prior to version 6.0.3.1 HF1, including the 6.0 series and all listed service pack releases.

Risk and Exploitability

The CVSS score of 10 classifies this flaw as critical. An EPSS value of 13% indicates a moderate likelihood of exploitation. The vulnerability is also present in CISA’s Known Exploited Vulnerabilities catalog, confirming active threats. Based on the description, it is inferred that the attack vector is unauthenticated remote, requiring only knowledge of the hardcoded credential.

Generated by OpenCVE AI on June 18, 2026 at 04:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dell RecoverPoint for Virtual Machines to version 6.0.3.1 HF1 or a later release that removes the hardcoded credential.
  • If an upgrade is not immediately possible, apply Dell’s approved remediations such as disabling or changing the hardcoded credential and isolate the device from untrusted networks.
  • Continuously monitor system logs for suspicious authentication attempts and enforce strict access controls around the virtual machine host environment to mitigate the CWE‑798 credential exposure risk.

Generated by OpenCVE AI on June 18, 2026 at 04:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Dell RecoverPoint Hardcoded Credential Vulnerability

Wed, 17 Jun 2026 10:15:00 +0000

Type Values Removed Values Added
Title Hardcoded Credential Enabling Root-Level Access in Dell RecoverPoint for Virtual Machines

Tue, 16 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Title Hardcoded Credential Enabling Root-Level Access in Dell RecoverPoint for Virtual Machines

Fri, 12 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Title Dell RecoverPoint for Virtual Machines Hardcoded Credential Vulnerability

Wed, 27 May 2026 15:30:00 +0000

Type Values Removed Values Added
Title Dell RecoverPoint for Virtual Machines Hardcoded Credential Vulnerability

Wed, 18 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:dell:recoverpoint_for_virtual_machines:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:-:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1_p1:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1_p2:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp2:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp2_p1:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp3:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp3_p1:*:*:*:*:*:*

Wed, 18 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 18 Feb 2026 16:45:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-02-18T00:00:00+00:00', 'dueDate': '2026-02-21T00:00:00+00:00'}

Wed, 18 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell recoverpoint For Virtual Machines
Vendors & Products Dell
Dell recoverpoint For Virtual Machines

Tue, 17 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 17 Feb 2026 20:00:00 +0000

Type Values Removed Values Added
Description Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.
Weaknesses CWE-798
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Dell Recoverpoint For Virtual Machines
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-02-26T14:44:19.536Z

Reserved: 2026-01-09T18:05:08.764Z

Link: CVE-2026-22769

cve-icon Vulnrichment

Updated: 2026-02-17T21:19:23.729Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-17T20:22:09.800

Modified: 2026-06-17T10:20:23.560

Link: CVE-2026-22769

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T05:00:17Z

Weaknesses
  • CWE-798

    Use of Hard-coded Credentials