Remote Code Execution Vulnerability in Veeam Service Provider Console
CVE-2026-32998

9.4CRITICAL

Key Information:

Vendor: Veeam
Status: Service Provider Console
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-32998?

A vulnerability exists in Veeam Service Provider Console that enables remote code execution, potentially allowing attackers to execute arbitrary code on affected systems. This breach can facilitate unauthorized access and manipulation of sensitive data. Users are strongly encouraged to apply the recommended security patches and updates to mitigate this risk and enhance their overall security posture.

Affected Version(s)

Service Provider Console 9 <= 9.2

References

https://www.veeam.com/kb4853

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
Mar 17, 2026

CVE-2026-32998 Data

JSON