Remote Code Execution Vulnerability in Veeam Backup Server
CVE-2026-21667

10CRITICAL

Key Information:

Vendor

Veeam
Status
Backup And Replication
Vendor
CVE Published:
12 March 2026

What is CVE-2026-21667?

A security vulnerability exists in Veeam Backup Server that enables an authenticated domain user to execute arbitrary code remotely. This flaw poses a significant risk, as it allows attackers with user credentials to gain unauthorized control, potentially leading to data breaches and compromised system integrity. Prompt patching and security measures are essential to mitigate this risk.

Affected Version(s)

Backup and Replication 12.3.2

References

https://www.veeam.com/kb4830

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.