Dell security advisory (AV26-138)
Analysis Summary
# Vulnerability: Dell RecoverPoint for Virtual Machines Hardcoded Credentials
## CVE Details
- **CVE ID:** CVE-2026-22769
- **CVSS Score:** 9.8 (Critical - Estimated based on "Critical" rating and vulnerability type)
- **CWE:** CWE-798 (Use of Hardcoded Credentials)
## Affected Systems
- **Products:** Dell RecoverPoint for Virtual Machines
- **Versions:**
  - Versions prior to 5.3 SP4 P1
  - 6.0, 6.0 SP1, 6.0 SP1 P1, 6.0 SP1 P2, 6.0 SP2, 6.0 SP2 P1, 6.0 SP3, and 6.0 SP3 P1
- **Configurations:** Systems utilizing the affected RecoverPoint for Virtual Machines software versions.
## Vulnerability Description
This vulnerability stems from the use of hardcoded credentials within Dell RecoverPoint for Virtual Machines. An unauthenticated remote attacker could potentially use these static credentials to gain unauthorized access to the system. Once logged in, the attacker could perform administrative actions, modify configurations, or disrupt VM protection services.
## Exploitation
- **Status:** Exploited in the wild (Reported by open-source intelligence)
- **Complexity:** Low
- **Attack Vector:** Network
## Impact
- **Confidentiality:** High (Full access to system data)
- **Integrity:** High (Ability to modify system configurations/protections)
- **Availability:** High (Potential to disrupt virtual machine recovery and operations)
## Remediation
### Patches
Dell recommends upgrading to the following versions or later:
- **For 5.3 branch:** Upgrade to 5.3 SP4 P1 or higher.
- **For 6.0 branch:** Upgrade to 6.0 SP4 or the latest available patch beyond 6.0 SP3 P1.
### Workarounds
- No specific workarounds are provided in the advisory; immediate patching is strongly recommended due to active exploitation.
- Restrict network access to RecoverPoint management interfaces to trusted internal networks only.
## Detection
- **Indicators of Compromise:** Monitor for unusual login activity or logins originating from unexpected IP addresses using default or administrative accounts.
- **Detection methods and tools:** Audit system logs for unauthorized configuration changes or access to the RecoverPoint management console. Verify software versions against the affected list provided by Dell.
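
The version check described above, as an added example (not code from Dell's advisory or from this report): it parses version strings written in the advisory's notation and classifies an inventory against the affected list. The host names and inventory are constructed; treating a missing SP or P as 0, and flagging unlisted 6.0 builds at or below 6.0 SP3 P1 for review, are assumptions.

```python
import re

# Advisory notation: "<major>.<minor> [SP<n>] [P<n>]", e.g. "6.0 SP3 P1".
_VERSION = re.compile(r"^\s*(\d+)\.(\d+)(?:\s+SP(\d+))?(?:\s+P(\d+))?\s*$", re.I)

def parse_version(text):
    """Return (major, minor, sp, patch); a missing SP or P counts as 0 (assumption)."""
    m = _VERSION.match(text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

# Values taken from the affected-versions list in this advisory summary.
FIRST_FIXED_53 = parse_version("5.3 SP4 P1")
LISTED_60 = {parse_version(v) for v in (
    "6.0", "6.0 SP1", "6.0 SP1 P1", "6.0 SP1 P2",
    "6.0 SP2", "6.0 SP2 P1", "6.0 SP3", "6.0 SP3 P1")}
LAST_LISTED_60 = max(LISTED_60)

def classify(text):
    """'affected' = on the advisory list; 'review' = unlisted 6.0 build at or below
    the last listed one (conservative assumption); 'not_listed' = everything else."""
    v = parse_version(text)
    if v < FIRST_FIXED_53 or v in LISTED_60:
        return "affected"
    if v[:2] == (6, 0) and v <= LAST_LISTED_60:
        return "review"
    return "not_listed"

def audit(inventory):
    """Map each appliance to a status; unparseable strings are flagged, not skipped."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparsed"
    return report

# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {
    "rp4vm-a": "5.3 SP3 P2", "rp4vm-b": "5.3 SP4 P1", "rp4vm-c": "6.0 SP3 P1",
    "rp4vm-d": "6.0 SP2 P2", "rp4vm-e": "6.0 SP4", "rp4vm-f": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:10} {SAMPLE_INVENTORY[host]:12} {status}")
```

Appliances reported as `unparsed` or `review` need a manual check against the vendor advisory before they are considered clear.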
## References
- **Vendor Advisory:** hxxps[://]www[.]dell[.]com/support/kbdoc/en-us/000426773/dsa-2026-079
- **Dell Security Portal:** hxxps[://]www[.]dell[.]com/support/security/en-ca
- **Canadian Centre for Cyber Security:** hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/dell-security-advisory-av26-138