A critical zero-day vulnerability, CVE-2026-22769, in Dell RecoverPoint for Virtual Machines has been actively exploited since mid-2024 by a suspected China-nexus threat actor tracked as UNC6201. The flaw carries the maximum CVSS score of 10.0 and stems from hard-coded credentials: anyone who knows them can authenticate to the product without holding a legitimate account, gaining unauthorized access to the virtual machine recovery environment and the backed-up data it holds. The exploitation highlights ongoing risk in enterprise backup solutions and underscores the need for immediate patching and enhanced security monitoring.

According to Google Mandiant and the Google Threat Intelligence Group, the exploitation has been ongoing for months and targets organizations running Dell’s recovery technology. Because a credential baked into the product cannot be rotated by the customer, a vendor patch (or a vendor-supplied mitigation) is the only durable fix; and since the activity dates back to mid-2024, organizations should also review access to affected deployments over that period rather than assume that patching alone closes the incident. The case is a further reminder of the staying power of advanced persistent threat (APT) groups and of the importance of proactive vulnerability management in cybersecurity defenses.

Key Takeaways

  • CVE-2026-22769 is a maximum severity vulnerability (CVSS 10.0) in Dell RecoverPoint for VMs due to hard-coded credentials.
  • Exploited as a zero-day since mid-2024 by suspected China-nexus threat actor UNC6201.
  • Highlights risks in virtual machine recovery systems and the need for urgent patching.
  • Emphasizes the role of threat intelligence from groups like Google Mandiant in detecting such attacks.
  • Underscores the importance of securing backup and recovery infrastructure against APT threats.

CVEs Mentioned

CVE-2026-22769

Threat Actors

UNC6201

Source: The Hacker News