Dell RecoverPoint for Virtual Machines carries CVE-2026-22769 (CVSS 9.5, EPSS 96th percentile), an improper privilege management flaw actively leveraged in the VerdantBamboo espionage campaign as part of a multi-vendor MSP pivot chain. The product’s typical placement in backup and DR infrastructure makes exploitation high-consequence: compromise of RecoverPoint can undermine the integrity of recovery capabilities at the moment they are most needed.