A hardcoded credential vulnerability in Dell’s recovery tool for VMs has been exploited in the wild since mid-2024 by an APT believed to be Chinese.
The critical vulnerability, assigned CVE-2026-22769, has a CVSS score of 10 and impacts users of Dell’s RecoverPoint for Virtual Machines, a backup and disaster recovery tool for VMware virtual machines.
The critical Dell vulnerability allows threat actors to gain access to the underlying virtual machine and maintain root-level persistence.
Dell vulnerability due to hard-coded creds
CVE-2026-22769 affects versions prior to 6.0.3.1 HF1, Dell said in a February 17 advisory, warning customers that an “unauthenticated remote attacker with knowledge of the hardcoded credential could [gain] unauthorized access to the underlying operating system and root-level persistence.”
Google Threat Intelligence Group (GTIG) and Mandiant published a report on the bug on Tuesday – saying a threat group it tracks as NAMENAME had used the…

