CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Feb 21, 2026

CVE-2026-22769

High

EPSS 34.2%CISA KEV

Dell/RecoverPoint for Virtual Machines (RP4VMs)

Description

Dell RecoverPoint for Virtual Machines (RP4VMs) contains an use of hard-coded credentials vulnerability that could allow an unauthenticated remote attacker to gain unauthorized access to the underlying operating system and root-level persistence.

EPSS — Exploit Probability

34.2%

Higher than 96.9% of all CVEs

Required Action

https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 ; https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa ; https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day ; https://nvd.nist.gov/vuln/detail/CVE-2026-22769

Risk Assessment

ELEVATED

In CISA KEV

Details

Severity: High
EPSS: 34.2%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Feb 18, 2026

Added to KEV

Feb 18, 2026

Remediation Due

Feb 21, 2026

Affected Product

Dell

RecoverPoint for Virtual Machines (RP4VMs)

View all Dell CVEs

External Links

NVD (NIST)CVE Details MITRE CVE