AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2026-22769: Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesFebruary 17, 2026CVE-2026-22769

Summary

Dell RecoverPoint for Virtual Machines (RP4VMs) has a vulnerability where passwords are hard-coded (built directly into the software rather than created by users), allowing attackers without authorization to remotely access the system and gain root-level persistence (permanent control of the computer). This vulnerability is currently being actively exploited by attackers.

Solution / Mitigation

Apply mitigations per vendor instructions (see Dell support documentation at https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 and https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa), follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-02-21.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 34.2%

Exploit Maturity

🔥 Actively Exploited

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-798

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-22769

First tracked: February 18, 2026 at 03:00 PM

Classified by LLM (prompt v3) · confidence: 95%