Description
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.
Published: 2026-02-17
Score: 10 Critical
EPSS: 22.0% Moderate
KEV: Yes
Impact: Unauthorized remote access to the underlying operating system with potential root‑level persistence
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a hardcoded credential flaw in Dell RecoverPoint for Virtual Machines. An attacker who knows the credential can authenticate without proper authorization and gain access to the host operating system. Once logged in, the attacker can maintain persistence at the root level, potentially compromising the entire infrastructure that the virtual machine platform protects.

Affected Systems

Dell RecoverPoint for Virtual Machines, all releases prior to 6.0.3.1 HF1, including 6.0 and all subsequent service pack releases listed in the CNA data.

Risk and Exploitability

The CVSS score of 10 classifies this flaw as critical. An EPSS value of 22% indicates a relatively high likelihood of exploitation. The vulnerability is also present in CISA’s Known Exploited Vulnerabilities catalog, confirming active threats. Based on the description, it is inferred that the attack vector is unauthenticated remote, requiring only knowledge of the hardcoded credential.

Generated by OpenCVE AI on April 28, 2026 at 17:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dell RecoverPoint for Virtual Machines to version 6.0.3.1 HF1 or a later release that removes the hardcoded credential.
  • If an upgrade is not immediately possible, apply Dell’s approved remediations such as disabling or changing the hardcoded credential, and ensure the device is isolated from untrusted networks.
  • Continuously monitor system logs for suspicious authentication attempts and enforce strict access controls around the virtual machine host environment.

Generated by OpenCVE AI on April 28, 2026 at 17:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 18 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:dell:recoverpoint_for_virtual_machines:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:-:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1_p1:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1_p2:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp2:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp2_p1:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp3:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp3_p1:*:*:*:*:*:*

Wed, 18 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 18 Feb 2026 16:45:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-02-18T00:00:00+00:00', 'dueDate': '2026-02-21T00:00:00+00:00'}

Wed, 18 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell recoverpoint For Virtual Machines
Vendors & Products Dell
Dell recoverpoint For Virtual Machines

Tue, 17 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 17 Feb 2026 20:00:00 +0000

Type Values Removed Values Added
Description Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.
Weaknesses CWE-798
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Dell Recoverpoint For Virtual Machines
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-02-26T14:44:19.536Z

Reserved: 2026-01-09T18:05:08.764Z

Link: CVE-2026-22769

cve-icon Vulnrichment

Updated: 2026-02-17T21:19:23.729Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-17T20:22:09.800

Modified: 2026-02-18T20:01:15.983

Link: CVE-2026-22769

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T17:45:16Z

Weaknesses