By: RedLegg's Cyber Threat Intelligence Team
About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Hard-Coded Credentials in Dell RecoverPoint for Virtual Machines (RP4VM) Leading to Unauthenticated Remote Compromise
CVSS Score: 10.0 (Critical, CVSS v3.1)
Identifier: CVE-2026-22769
PoC or Exploitation:
CVE-2026-22769 is confirmed to be actively exploited in the wild.
Update/Patch:
Dell has released official remediation guidance and fixes for CVE-2026-22769. Affected organizations must either upgrade to a fixed version or apply Dell's remediation script, depending on their current deployment.
Key remediation paths outlined by Dell include:
- Upgrade to RecoverPoint for Virtual Machines version 6.0.3.1 HF1 or later where applicable
- For older 6.0.x and 5.3.x versions, follow Dell's documented upgrade path or apply the remediation script provided in the advisory
- Systems that cannot be immediately upgraded should be treated as high risk until remediation is complete
Mitigation Recommendation:
Immediately apply Dell's remediation guidance for CVE-2026-22769, prioritizing any internet-facing or broadly reachable RP4VM deployments.
Upgrade to version 6.0.3.1 HF1 or later, or apply the Dell-provided remediation script as specified in the advisory.
Assume potential compromise for any RP4VM instance that was accessible from untrusted networks prior to remediation.