CVE-2026-22769: Critical Dell RecoverPoint Hardcoded Credential Vulnerability

Filip Dimitrov

February 19, 2026

A critical vulnerability, CVE-2026-22769 (CVSS 10.0), has been identified in Dell RecoverPoint for Virtual Machines, a widely used enterprise backup and disaster recovery solution for VMware environments. The flaw is actively exploited in the wild and has been linked to advanced threat activity.

The vulnerability stems from hardcoded administrative credentials embedded within the application, specifically associated with the Apache Tomcat Manager interface. An unauthenticated attacker with knowledge of these credentials can gain direct access to the system.

Affected Systems

The vulnerability impacts Dell RecoverPoint for Virtual Machines. All versions prior to 6.0.3.1 HF1 are vulnerable.

Other RecoverPoint variants (e.g., RecoverPoint Classic) are not impacted.

Technical Analysis

The vulnerability is classified as a hardcoded credential exposure, enabling direct authentication to the Tomcat Manager component. This access allows attackers to upload and deploy malicious WAR files, effectively turning the application server into a remote execution platform.

Because the attack does not rely on user interaction or external conditions, exploitation is both reliable and difficult to detect at the initial access stage. Once access is obtained, privilege escalation is trivial due to the level of control granted through the management interface.

Impact

The impact of CVE-2026-22769 extends beyond a single system compromise. RecoverPoint appliances often sit within critical infrastructure layers, managing replication and backup processes across production systems.

A successful compromise can therefore enable attackers to access sensitive data flows, interfere with recovery mechanisms, and maintain persistence in environments that are typically trusted during incident response scenarios.

Recommended Mitigations

Organizations should immediately:

  • Upgrade to version 6.0.3.1 HF1 or later
  • Restrict access to RecoverPoint management interfaces at the network level
  • Review system logs for unauthorized access or unexpected deployments
  • Validate the integrity of backup and replication configurations
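
For the log review step, the following is an added example (not code from Dell or from the original post) that scans Tomcat access logs for successful Manager deployments and for Manager access from outside an admin network. It assumes the access log uses Tomcat's `common` AccessLogValve pattern; the admin subnet and the sample lines are constructed for illustration, and the log location on the appliance is not stated on this page.

```python
import re
from ipaddress import ip_address, ip_network

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
# Tomcat Manager endpoints that deploy or upload a WAR file.
DEPLOY_RE = re.compile(r'^/manager/(?:text/deploy|html/(?:upload|deploy))(?:[?;]|$)')
MANAGER_RE = re.compile(r'^/manager(?:/|$)')
# Assumption: hypothetical admin subnet allowed to reach the Manager interface.
ADMIN_NETS = [ip_network("10.20.0.0/24")]

SAMPLE = [  # constructed log lines, not taken from a real appliance
    '10.20.0.5 - admin [18/Feb/2026:09:00:01 +0000] "GET /manager/html HTTP/1.1" 200 1820',
    '198.51.100.7 - admin [18/Feb/2026:23:41:10 +0000] "GET /manager/text/list HTTP/1.1" 200 312',
    '198.51.100.7 - admin [18/Feb/2026:23:41:12 +0000] "PUT /manager/text/deploy?path=/x HTTP/1.1" 200 40',
    '198.51.100.7 - - [18/Feb/2026:23:41:20 +0000] "GET /x/ HTTP/1.1" 200 5',
    '203.0.113.9 - - [18/Feb/2026:23:50:00 +0000] "GET /manager/html HTTP/1.1" 401 2499',
]

def review(lines, admin_nets=ADMIN_NETS):
    """Return (line_no, kind, host, user, timestamp, uri) for each suspicious entry."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m or not MANAGER_RE.match(m["uri"]):
            continue  # unparseable line or not a Manager request
        try:
            trusted = any(ip_address(m["host"]) in net for net in admin_nets)
        except ValueError:  # %h logged a hostname: treat as untrusted
            trusted = False
        ok = m["status"].startswith(("2", "3"))  # request was accepted
        if DEPLOY_RE.match(m["uri"]) and ok:
            kind = "war-deploy"  # every successful deployment needs review
        elif not trusted and ok:
            kind = "manager-access-outside-admin-net"
        else:
            continue
        findings.append((n, kind, m["host"], m["user"], m["ts"], m["uri"]))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

Each `war-deploy` finding should be matched against a known change record; a deployment with no corresponding change is the "unexpected deployment" the mitigation list refers to.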

Stay Safe. Stay Secure

OP Innovate Research Team
