Week 8 – From RecoverPoint to BreakPoint

16 – 22 Feb 2026
CVE-2026-22769 is a critical vulnerability affecting Dell’s RecoverPoint for Virtual Machines.
RecoverPoint for Virtual Machines is a solution maintained by Dell that offers hypervisor-level backup and recovery for virtual machines, and it is commonly used by enterprises.
Exploiting this vulnerability allows unauthenticated attackers to access the underlying operating system remotely and gain the highest privileges possible, usually followed by code execution.
CVE-2026-22769 is a hardcoded-credential vulnerability: the RecoverPoint application contained credentials that could be used to authenticate and authorize high-privileged access to the underlying operating system. The credentials belonged to the ‘admin’ user account and were hardcoded in an XML file. This allowed adversaries to authenticate against Apache Tomcat Manager and deploy a webshell; executing commands through the webshell with high privileges paved the way to full compromise.
Unfortunately, it turned out that attackers were indeed aware of this hardcoded credential and have been exploiting this vulnerability in targeted attacks since mid-2024.
This was found by security researchers at Google’s Mandiant and Google Threat Intelligence Group (GTIG), who followed up with an investigation and found evidence of exploitation, advanced techniques to evade detection, and sophisticated malware samples dropped on compromised devices, likely used for espionage.
Naturally, the vendor urged everyone to patch their RecoverPoint systems as soon as possible. Moreover, since the exploitation is confirmed, CVE-2026-22769 is now in the Known Exploited Vulnerabilities (KEV) Catalog.
For more information about the investigation and techniques, please visit the blog written by Mandiant and GTIG: https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day/
Official advisory from Dell: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079
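
The path described above (authenticating against Apache Tomcat Manager, then deploying a web application) leaves traces in Tomcat's access log. The hunting script below is an added example, not code from Dell, Mandiant or GTIG. It assumes the log uses Tomcat's common access-log pattern; the sample lines, addresses and the `/example` context path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(r'(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+')
# Tomcat Manager endpoints that install a web application
DEPLOY = ("/manager/text/deploy", "/manager/html/upload", "/manager/html/deploy")

def hunt(lines):
    """Flag Manager auth failures, deployments, and later hits on a deployed context."""
    findings, deployed = [], {}          # deployed: context path -> deploy timestamp
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue                     # skip lines that are not in the assumed format
        url = urlsplit(m["uri"])
        if url.path in DEPLOY and m["status"].startswith("2"):
            # The text interface carries the context path in ?path=; the HTML
            # upload form does not, so ctx stays None for those requests.
            ctx = parse_qs(url.query).get("path", [None])[0]
            if ctx and ctx.strip("/"):
                deployed[ctx.rstrip("/")] = m["ts"]
            findings.append(("deploy", m["host"], m["user"], ctx, m["ts"]))
        elif url.path.startswith("/manager/") and m["status"] == "401":
            findings.append(("auth_fail", m["host"], m["user"], url.path, m["ts"]))
        else:
            for ctx in deployed:         # traffic to an application installed earlier
                if url.path == ctx or url.path.startswith(ctx + "/"):
                    findings.append(("post_deploy", m["host"], m["user"], url.path, m["ts"]))
    return findings

# Constructed sample log lines (documentation address ranges, made-up paths)
SAMPLE = [
    '192.0.2.10 - - [18/Feb/2026:10:11:58 +0000] "GET /manager/text/list HTTP/1.1" 401 2499',
    '192.0.2.10 - admin [18/Feb/2026:10:12:01 +0000] "PUT /manager/text/deploy?path=/example HTTP/1.1" 200 52',
    '192.0.2.10 - - [18/Feb/2026:10:12:09 +0000] "GET /example/index.jsp?q=1 HTTP/1.1" 200 131',
    '198.51.100.7 - - [18/Feb/2026:10:13:00 +0000] "GET /docs/ HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE):
        print(finding)
```

Any `deploy` finding on an appliance where nobody is expected to use Tomcat Manager warrants investigation, and `post_deploy` hits show which clients then talked to the newly installed application.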

White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024 and 2025.
With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.
They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.