Computing

Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution

News Room
News Room
Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution

Ravie LakshmananMar 13, 2026Vulnerability / Enterprise Security

Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution.

The vulnerabilities are as follows –

  • CVE-2026-21666 (CVSS score: 9.9) – A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server.
  • CVE-2026-21667 (CVSS score: 9.9) – A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server.
  • CVE-2026-21668 (CVSS score: 8.8) – A vulnerability that allows an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
  • CVE-2026-21672 (CVSS score: 8.8) – A vulnerability that allows local privilege escalation on Windows-based Veeam Backup & Replication servers.
  • CVE-2026-21708 (CVSS score: 9.9) – A vulnerability that allows a Backup Viewer to perform remote code execution as the postgres user.

The shortcomings, which affect Veeam Backup & Replication 12.3.2.4165 and all earlier version 12 builds, have been addressed in version 12.3.2.4465. CVE-2026-21672 and CVE-2026-21708 have also been fixed in Backup & Replication 13.0.1.2067, along with two more critical security flaws –

  • CVE-2026-21669 (CVSS score: 9.9) – A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server.
  • CVE-2026-21671 (CVSS score: 9.1) – A vulnerability that allows an authenticated user with the Backup Administrator role to perform remote code execution in high availability (HA) deployments of Veeam Backup & Replication.

“It’s important to note that once a vulnerability and its associated patch are disclosed, attackers will likely attempt to reverse-engineer the patch to exploit unpatched deployments of Veeam software,” the company said in its advisory.

With vulnerabilities in Veeam software having been repeatedly exploited by threat actors to carry out ransomware attacks in the past, it’s essential that users update their instances to the latest version to safeguard against any potential threat.

Share This Article
Previous Article Today's NYT Mini Crossword Answers for March 13 – CNET Today's NYT Mini Crossword Answers for March 13 – CNET
Next Article Your Pixel just lost a handy Recents trick in the March update Your Pixel just lost a handy Recents trick in the March update
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay Connected

Latest News

“It’s catastrophic” Why Apple’s MacBook Neo is already worrying the entire PC market
“It’s catastrophic” Why Apple’s MacBook Neo is already worrying the entire PC market
Mobile
Google Maps Adds Gemini AI-Powered ‘Ask Maps’ Feature and 3D Immersive Navigation
Google Maps Adds Gemini AI-Powered ‘Ask Maps’ Feature and 3D Immersive Navigation
News
Keyboard Much Easier to Replace on MacBook Neo Than Apple’s Other Laptops
Keyboard Much Easier to Replace on MacBook Neo Than Apple’s Other Laptops
News
Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
Computing
Lost your password?