#VU123002 Use of hard-coded credentials in RecoverPoint for Virtual Machines - CVE-2026-22769
Published: February 18, 2026
Vulnerability identifier: #VU123002
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2026-22769
CWE-ID: CWE-798
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
RecoverPoint for Virtual Machines
RecoverPoint for Virtual Machines
Software vendor:
Dell
Dell
Description
The vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Remediation
Install updates from vendor's website.