
CVE-2026-22769: Critical Dell RecoverPoint Vulnerability Actively Exploited by China-Linked Hackers

By xploitzone
March 9, 2026 9:31 AM

Dell’s RecoverPoint for Virtual Machines, the enterprise-grade disaster-recovery suite, has a serious flaw, CVE-2026-22769, that allows attackers to run code remotely. The bug receives a CVSS score of 10.0, the maximum possible.

The vulnerability hit the news cycle when researchers went beyond the lab. They proved the attack was already happening, with threat actors using the flaw to conduct real-world cyber-espionage missions. In short, it’s not a theoretical risk but an actively exploited threat.

Who Identified CVE-2026-22769?

The flaw made its way into official security advisories and was logged under a CVE. Cybersecurity giants Mandiant and Google’s Threat Intelligence Group launched a deep dive. They combed through compromised environments, spotting the flaw in well-executed targeted attacks. Their findings sent a clear message worldwide: this issue was more serious than anyone had realized.

Who Exploited CVE-2026-22769?

Researchers say the flaw was hijacked by a China-linked cyber-espionage group known as UNC6201. The group is thought to be state-aligned and to focus on three main things:

  • stealing corporate secrets
  • gathering strategic intel
  • staying inside a target’s network for the long haul

Using the hard-coded credential bug, the attackers slipped into vulnerable Dell RecoverPoint appliances. From there, they moved laterally, dropped their own malware tools, and set up a foothold that keeps them running in the victim’s environment.
