Detections
Analytics
CVE-2026-22769
critical
Description
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.
References
https://www.theregister.com/2026/02/20/cisa_dell_vulnerability/
https://hackread.com/china-hackers-dell-recoverpoint-flaw-grimbolt-malware/
https://www.theregister.com/2026/02/18/dell_0day_brickstorm_campaign/
https://www.securityweek.com/dell-recoverpoint-zero-day-exploited-by-chinese-cyberespionage-group/
https://www.infosecurity-magazine.com/news/chinese-apt-exploits-dell-zeroday/
https://www.darkreading.com/application-security/dells-hard-coded-flaw-a-nation-state-goldmine
https://therecord.media/fed-agencies-ordered-to-patch-dell-bug-after-exploitation-warning
https://thehackernews.com/2026/02/dell-recoverpoint-for-vms-zero-day-cve.html
https://cyberscoop.com/china-brickstorm-grimbolt-dell-zero-day/
Details
Published: 2026-02-17
Updated: 2026-02-18
Known Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical
CVSS v3
Base Score: 10
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: Critical
EPSS
EPSS: 0.28782
Vulnerability Watch
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability of Interest