DSA-2026-079: Security Update for RecoverPoint for Virtual Machines Hardcoded Credential Vulnerability

Zusammenfassung: Dell RecoverPoint for Virtual Machines remediation is available for a hardcoded credential vulnerability that could be exploited by malicious users to compromise the affected system.

Dieser Artikel gilt für Dieser Artikel gilt nicht für Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden. In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Andere Ressourcen ansehen

Auswirkungen

Critical

Weitere Angaben

Dell has received a report from Google/Mandiant of limited active exploitation of this vulnerability. Dell strongly recommends that customers apply one of the remediations below to address this vulnerability as soon as possible.

Details

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2026-22769

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

10.0

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2026-22769

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

10.0

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies empfiehlt allen Kunden, sowohl die CVSS-Gesamtbewertung als auch alle relevanten zeitlichen und umweltbezogenen Bewertungen zu berücksichtigen, die sich auf den potenziellen Schweregrad einer bestimmten Sicherheitsschwachstelle auswirken können.

Betroffene Produkte und Korrektur

Product

Affected Versions

Remediation

RecoverPoint for Virtual Machines

Version 5.3 SP4 P1

Follow the steps below in order:

  1. Migrate from RecoverPoint for Virtual Machines 5.3 SP4 P1 to 6.0 SP3 (Instructions)
  2. Upgrade to 6.0.3.1 HF1

OR

  1. Follow the instructions in the Knowledge Base article to run the remediation script: RecoverPoint for Virtual Machines: Apply the remediation script for DSA-2026-079

RecoverPoint for Virtual Machines

Versions 6.0, 6.0 SP1, 6.0 SP1 P1, 6.0 SP1 P2, 6.0 SP2, 6.0 SP2 P1, 6.0 SP3, and 6.0 SP3 P1
  1. Upgrade to 6.0.3.1 HF1

OR

  1. Follow the instructions in the Knowledge Base article to run the remediation script: RecoverPoint for Virtual Machines: Apply the remediation script for DSA-2026-079

 

Product

Affected Versions

Remediation

RecoverPoint for Virtual Machines

Version 5.3 SP4 P1

Follow the steps below in order:

  1. Migrate from RecoverPoint for Virtual Machines 5.3 SP4 P1 to 6.0 SP3 (Instructions)
  2. Upgrade to 6.0.3.1 HF1

OR

  1. Follow the instructions in the Knowledge Base article to run the remediation script: RecoverPoint for Virtual Machines: Apply the remediation script for DSA-2026-079

RecoverPoint for Virtual Machines

Versions 6.0, 6.0 SP1, 6.0 SP1 P1, 6.0 SP1 P2, 6.0 SP2, 6.0 SP2 P1, 6.0 SP3, and 6.0 SP3 P1
  1. Upgrade to 6.0.3.1 HF1

OR

  1. Follow the instructions in the Knowledge Base article to run the remediation script: RecoverPoint for Virtual Machines: Apply the remediation script for DSA-2026-079

 

Versions 5.3 SP4, 5.3 SP3, 5.3 SP2, and potentially earlier versions of RecoverPoint for Virtual Machines are also impacted by CVE-2026-22769. Dell recommends that customers upgrade to version 5.3 SP4 P1 or a 6.x version then apply the remediation steps outlined above. Supported versions of RecoverPoint for Virtual Machines and related End of Service dates can be found on the RecoverPoint for Virtual Machines Support Overview page.

Other Dell products, including RecoverPoint Classic (both physical and virtual appliances), are not affected by CVE-2026-22796.

Dell recommends that RecoverPoint for Virtual Machines be deployed within a trusted, access-controlled internal network protected by appropriate firewalls and network segmentation. RecoverPoint for Virtual Machines is not intended for use on untrusted or public networks.

Revisionsverlauf

Revision

Date

Description

1.0

2026-02-17

Initial Release

 

Danksagung

Dell would like to thank Peter Ukhanov from Google/Mandiant for reporting this issue.

Zugehörige Informationen

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Rechtlicher Hinweis

Betroffene Produkte

RecoverPoint for Virtual Machines
Artikeleigenschaften
Artikelnummer: 000426773
Artikeltyp: Dell Security Advisory
Zuletzt geändert: 17 Feb. 2026
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.