Zero-day in Dell RecoverPoint for Virtual Machines (CVE-2026-22769)
Essential information
- Published: 19/02/2026 20:16
- Modified: 20/02/2026 13:14
- Tags: 2026-02-19 CVE-2026-22769 backdoor brickstorm china dell grimbolt patch recoverpoint root access slaystyle vmware vulnerability zero-day
- Related entities: 1 vulnerability (cve), 5 observables, 1 intrusion set (apt), 13 techniques (mitre), 3 malware
Description
A critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines has been discovered and is being actively exploited. The flaw, tracked as CVE-2026-22769, allows attackers to gain root-level access on affected systems. The China-linked threat actor UNC6201 has been leveraging this vulnerability in targeted intrusions since mid-2024, deploying custom backdoors such as GRIMBOLT and BRICKSTORM for persistence and further compromise. Versions prior to 6.0.3.1 HF1 are affected. Organizations are urged to apply the security patch immediately, or to use the provided remediation script where patching is not possible. Detection indicators for the malware and its network traffic have been provided to help identify potential compromises.