Patch now! Attackers are targeting Dell RecoverPoint for Virtual Machines
Important security updates have been released for Dell RecoverPoint for Virtual Machines and Avamar Server, among others. Attacks are already occurring.
Attackers have long been targeting a "critical" security vulnerability in Dell RecoverPoint for Virtual Machines. Security patches are available. Furthermore, Dell Avamar Server, Avamar Virtual Edition, Networking OS10, PowerMax EEM, Solutions Enabler Virtual Appliance, Unisphere 360, Unisphere for PowerMax, and Unisphere for PowerMax Virtual Appliance remain vulnerable.
Attacks for two years
In a post, security researchers from Google and Mandiant warn of ongoing attacks on a "critical" vulnerability with the highest rating (CVE-2026-22769, CVSS score 10 out of 10) in Dell RecoverPoint for Virtual Machines. According to a warning from the computer manufacturer, hardcoded credentials allow remote attackers to access instances without authentication. They establish root privileges in systems using a backdoor (Grimbolt) and thus completely compromise PCs.
State-sponsored Chinese hackers from the UNC6201 group are reportedly behind this. The security researchers state that attacks have been ongoing since mid-2024. The extent of the attacks and who was targeted are currently unknown. Admins should ensure that the secure version 6.0 SP3 (6.0.3.1) is installed. Further information on the security update can be found in the warning message.
Further Dangers
In addition, attackers can target other Dell products such as Avamar Server and Unisphere for PowerMax. These vulnerabilities are classified with a threat level of "medium". If attackers successfully exploit them, they can execute their own code or delete files, among other things. Information on the security updates can be found in the linked warning messages:
- Dell Networking OS10
- Dell Avamar Server and Dell Avamar Virtual Edition Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability
- Dell Avamar Server and Dell Avamar Virtual Edition
- Dell PowerMaxOS, Dell PowerMax EEM, Dell Unisphere for PowerMax, Dell Unisphere for PowerMax Virtual Appliance, Dell Unisphere 360, Dell Solutions Enabler Virtual Appliance
- Dell Avamar Server and Dell Avamar Virtual Edition
- Dell PowerMaxOS, Dell PowerMax EEM, Dell Unisphere for PowerMax, Dell Unisphere for PowerMax Virtual Appliance, Dell Unisphere 360, Dell Solutions Enabler Virtual Appliance
(des)