A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG).

The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded credentials affecting versions prior to 6.0.3.1 HF1. Other products, including RecoverPoint Classic, are not vulnerable to the flaw.

"This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability, leading to unauthorized access to the underlying operating system and root-level persistence," Dell said in a bulletin released Tuesday.

The issue impacts the following products -

• RecoverPoint for Virtual Machines Version 5.3 SP4 P1 - Migrate from RecoverPoint for Virtual Machines 5.3 SP4 P1 to 6.0 SP3, and then upgrade to 6.0.3.1 HF1
• RecoverPoint for Virtual Machines Versions 6.0, 6.0 SP1, 6.0 SP1 P1, 6.0 SP1 P2, 6.0 SP2, 6.0 SP2 P1, 6.0 SP3, and 6.0 SP3 P1 - Upgrade to 6.0.3.1 HF1
• RecoverPoint for Virtual Machines Versions 5.3 SP4, 5.3 SP3, 5.3 SP2, and earlier - Upgrade to version 5.3 SP4 P1 or a 6.x version, and then apply the necessary remediation 

"Dell recommends that RecoverPoint for Virtual Machines be deployed within a trusted, access-controlled internal network protected by appropriate firewalls and network segmentation," it noted. "RecoverPoint for Virtual Machines is not intended for use on untrusted or public networks."