TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

CIS Advisories

A Vulnerability in Dell RecoverPoint for Virtual Machines Could Allow for Arbitrary Code Execution

2026-02-18 · Read original ↗

ATT&CK techniques detected

3 predictions
T1068Exploitation for Privilege Escalation
98%
“##t of limited active exploitation of this vulnerability. systems affected : - recoverpoint for virtual machines versions prior to 6. 0. 3. 1 hf1 risk : government : businesses : home users : technical summary : a vulnerability has been discovered in dell recoverpoint for virtual…”
T1068Exploitation for Privilege Escalation
86%
“a vulnerability in dell recoverpoint for virtual machines could allow for arbitrary code execution a vulnerability in dell recoverpoint for virtual machines could allow for arbitrary code execution ms - isac advisory number : 2026 - 015date ( s ) issued : 02 / 18 / 2026overview :…”
T1078.001Default Accounts
75%
“##026 : privileged account management ) - safeguard 4. 7 : manage default accounts on enterprise assets and software : manage default accounts on enterprise assets and software, such as root, administrator, and other pre - configured vendor accounts. example implementations can i…”

Summary

A vulnerability has been discovered in Dell RecoverPoint for Virtual Machines which could allow for arbitrary code execution. Dell RecoverPoint for Virtual Machines is an enterprise-grade solution for VMware Virtual Machines (VMs) enabling local, remote, and concurrent local and remote replication with continuous cyber resilience for on premises recovery to any point-in time (PiT).

Successful exploitation of the vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.