Dell Security Advisory DSA‑2026‑079: Critical Vulnerability in RecoverPoint
In February 2026, Dell issued Security Advisory DSA‑2026‑079, addressing a critical vulnerability (CVSS score 10.0) in RecoverPoint for Virtual Machines. This flaw involves hardcoded credentials, which could allow attackers to gain unauthorized root-level access. With evidence of active exploitation, organizations using affected versions must act immediately.
What Is RecoverPoint for Virtual Machines?
RecoverPoint for Virtual Machines (RP4VM) is Dell’s solution for data replication and disaster recovery in VMware environments. It ensures business continuity by protecting workloads across sites. However, as with any enterprise software, vulnerabilities in it can expose critical infrastructure to cyber threats.
Threat intelligence researchers have identified UNC6201, a China‑linked espionage group, as actively exploiting the Dell RecoverPoint for Virtual Machines zero‑day (CVE‑2026‑22769). What makes this cluster particularly concerning is its operational resemblance to UNC5221, another China‑nexus actor notorious for targeting virtualization platforms and exploiting Ivanti zero‑day flaws.
UNC5221 has previously leveraged advanced malware families such as BEEFLUSH, BRICKSTORM, and ZIPLINE, alongside web shells, to establish persistence and conduct espionage. The tactics, techniques, and procedures (TTPs) observed in UNC6201 campaigns show significant overlap, suggesting either shared resources or coordinated strategies between the two groups.
Affected Versions
| Product Version | Status | Recommended Fix |
|---|---|---|
| RP4VM 5.3 SP4 P1 | Vulnerable | Upgrade to 6.0.3.1 HF1 or apply remediation script |
| RP4VM 6.0, 6.0 SP1 (P1/P2), 6.0 SP2 (P1), 6.0 SP3 (P1) | Vulnerable | Upgrade to 6.0.3.1 HF1 or apply remediation script |
| RP4VM 5.3 SP2/SP3/SP4 and earlier | Vulnerable | Upgrade to supported versions, then patch |
Recommended Actions
- Upgrade Immediately: Move to RecoverPoint for Virtual Machines 6.0.3.1 HF1.
- Apply Dell’s Remediation Script: If upgrading is not possible, apply the script provided in Dell’s advisory.
- Restrict Network Exposure: RP4VM should only run in trusted, access-controlled internal networks. Avoid exposing it to public or untrusted environments.
- Monitor for Exploitation: Since limited exploitation has already been observed, organizations should monitor logs and network activity for suspicious behavior.
Why This Matters
A CVSS score of 10.0 indicates the highest level of severity. Exploitation could lead to:
- Data theft
- System compromise
- Persistence of attackers in critical infrastructure
For enterprises relying on RP4VM for disaster recovery, this vulnerability poses a serious risk to business continuity.
Conclusion
Dell’s DSA‑2026‑079 advisory highlights the importance of timely patching and proactive security measures. Organizations using RecoverPoint for Virtual Machines should upgrade or apply remediation immediately to protect against active threats.