DSA-2026-079: Security Update for RecoverPoint for Virtual Machines Hardcoded Credential Vulnerability
概要: Dell RecoverPoint for Virtual Machines remediation is available for a hardcoded credential vulnerability that could be exploited by malicious users to compromise the affected system.
この記事は次に適用されます:
この記事は次には適用されません:
この記事は、特定の製品に関連付けられていません。
すべての製品パージョンがこの記事に記載されているわけではありません。
影響
Critical
詳細情報
Dell has received a report from Google/Mandiant of limited active exploitation of this vulnerability. Dell strongly recommends that customers apply one of the remediations below to address this vulnerability as soon as possible.
詳細
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2026-22769 |
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible. |
10.0 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2026-22769 |
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible. |
10.0 |
影響を受ける製品と修復
|
Product |
Affected Versions |
Remediation |
|
RecoverPoint for Virtual Machines |
Version 5.3 SP4 P1 |
Follow the steps below in order:
OR
|
|
RecoverPoint for Virtual Machines |
Versions 6.0, 6.0 SP1, 6.0 SP1 P1, 6.0 SP1 P2, 6.0 SP2, 6.0 SP2 P1, 6.0 SP3, and 6.0 SP3 P1 |
OR
|
|
Product |
Affected Versions |
Remediation |
|
RecoverPoint for Virtual Machines |
Version 5.3 SP4 P1 |
Follow the steps below in order:
OR
|
|
RecoverPoint for Virtual Machines |
Versions 6.0, 6.0 SP1, 6.0 SP1 P1, 6.0 SP1 P2, 6.0 SP2, 6.0 SP2 P1, 6.0 SP3, and 6.0 SP3 P1 |
OR
|
Versions 5.3 SP4, 5.3 SP3, 5.3 SP2, and potentially earlier versions of RecoverPoint for Virtual Machines are also impacted by CVE-2026-22769. Dell recommends that customers upgrade to version 5.3 SP4 P1 or a 6.x version then apply the remediation steps outlined above. Supported versions of RecoverPoint for Virtual Machines and related End of Service dates can be found on the RecoverPoint for Virtual Machines Support Overview page.
Other Dell products, including RecoverPoint Classic (both physical and virtual appliances), are not affected by CVE-2026-22796.
Dell recommends that RecoverPoint for Virtual Machines be deployed within a trusted, access-controlled internal network protected by appropriate firewalls and network segmentation. RecoverPoint for Virtual Machines is not intended for use on untrusted or public networks.
変更履歴
|
Revision |
Date |
Description |
|
1.0 |
2026-02-17 |
Initial Release |
確認
Dell would like to thank Peter Ukhanov from Google/Mandiant for reporting this issue.
関連情報
法的免責事項
対象製品
RecoverPoint for Virtual Machines文書のプロパティ
文書番号: 000426773
文書の種類: Dell Security Advisory
最終更新: 17 2月 2026
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。