CISA orders feds to patch actively exploited Dell flaw within 3 days
Bleeping Computer
by Sergiu Gatlan, February 19, 2026
AI-Generated Deep Dive Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive requiring federal agencies to patch a severe Dell vulnerability within three days. The flaw, identified as CVE-2026-22769, is being actively exploited by a Chinese-linked hacking group known as UNC6201. This group has used the vulnerability since mid-2024 to infiltrate networks and deploy malware, including a new backdoor called Grimbolt. The vulnerability has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, and agencies are mandated to address it by February 21 under Binding Operational Directive (BOD) 22-01.
The Dell RecoverPoint flaw is a hardcoded-credential issue that allows attackers to gain unauthorized access to VMware virtual machine backup and recovery systems. Security researchers from Mandiant and Google Threat Intelligence Group (GTIG) have linked UNC6201's activity to the broader Chinese state-backed cyberespionage group, Silk Typhoon, which has previously targeted U.S. government agencies like the Treasury Department and OFAC. This latest campaign underscores the growing sophistication of cyber threats against federal systems.
CISA emphasized that such vulnerabilities are critical attack vectors for malicious actors and pose significant risks to federal networks. Agencies are instructed to apply vendor-provided mitigations or discontinue product use if patches are unavailable. This comes after CISA recently ordered federal agencies to secure BeyondTrust Remote Support instances against another actively exploited remote code execution vulnerability, CVE-2026-1731.
The urgency of addressing these vulnerabilities highlights the evolving nature of cyber threats and the need for federal agencies to maintain robust cybersecurity measures. The exploitation of hardcoded credentials in widely used IT solutions like Dell RecoverPoint demonstrates how even trusted systems can be compromised, making prompt action essential to mitigate risks. With state-sponsored groups increasingly targeting critical infrastructure, federal agencies must prioritize patching and threat detection to protect sensitive data and maintain network integrity.
This situation underscores the growing importance of proactive cybersecurity strategies and the need for continuous vigilance against emerging threats. For readers interested
Originally published on Bleeping Computer on 2/19/2026