Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
#Vulnerabilities

Security Reporter

Veeam has released critical security updates to address seven high-severity vulnerabilities in its Backup & Replication software, including multiple remote code execution flaws that could be exploited by authenticated users to compromise backup servers.

According to the company's advisory, the vulnerabilities affect Veeam Backup & Replication 12.3.2.4165 and all earlier version 12 builds. The most severe flaws include:

CVE-2026-21666 and CVE-2026-21667 (CVSS score: 9.9) - Both allow authenticated domain users to perform remote code execution on the Backup Server. These critical flaws could enable attackers with valid credentials to take complete control of backup infrastructure.

CVE-2026-21668 (CVSS score: 8.8) - Allows authenticated domain users to bypass restrictions and manipulate arbitrary files on a Backup Repository, potentially leading to data tampering or further system compromise.

CVE-2026-21672 (CVSS score: 8.8) - A local privilege escalation vulnerability affecting Windows-based Veeam Backup & Replication servers, allowing attackers to elevate their privileges once they have initial access.

CVE-2026-21708 (CVSS score: 9.9) - Allows Backup Viewers to perform remote code execution as the postgres user, potentially giving attackers database-level access and control.

Veeam has addressed these vulnerabilities in version 12.3.2.4465. Additionally, version 13.0.1.2067 includes fixes for CVE-2026-21672 and CVE-2026-21708, plus two new critical flaws:

CVE-2026-21669 (CVSS score: 9.9) - Another remote code execution vulnerability allowing authenticated domain users to compromise Backup Servers.

CVE-2026-21671 (CVSS score: 9.1) - Allows Backup Administrators to perform remote code execution in high availability deployments, potentially affecting entire backup clusters.
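An added example, not Veeam's code and not part of the advisory: it turns the build numbers above into a patch-status check that, given a Backup & Replication version string obtained from a server, reports which of the CVEs named on this page that build still lacks fixes for. The CVE-to-fixed-build mapping follows the page's wording; the assumption that 13.x builds earlier than 13.0.1.2067 are affected is mine, not stated on the page.

```python
from typing import List, Tuple

# Fixed builds named in the advisory summary.
FIXED_V12 = (12, 3, 2, 4465)
FIXED_V13 = (13, 0, 1, 2067)

# CVEs the page says each fixed build addresses.
CVES_FIXED_IN_12_3_2_4465 = [
    "CVE-2026-21666", "CVE-2026-21667", "CVE-2026-21668",
    "CVE-2026-21672", "CVE-2026-21708",
]
CVES_FIXED_IN_13_0_1_2067 = [
    "CVE-2026-21672", "CVE-2026-21708",
    "CVE-2026-21669", "CVE-2026-21671",
]


def parse_build(version: str) -> Tuple[int, ...]:
    """Parse 'major.minor.patch.build' into a tuple of ints.

    Numeric comparison matters: comparing the raw strings would rank
    '12.3.2.4465' above a hypothetical '12.3.2.10000'.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Veeam version format: {version!r}")
    return tuple(int(p) for p in parts)


def outstanding_cves(version: str) -> List[str]:
    """Return the CVEs from this page that the given build does not yet fix."""
    build = parse_build(version)
    if build[0] == 12:
        # Page: 12.3.2.4165 and all earlier v12 builds are affected;
        # 12.3.2.4465 carries the fixes.
        return [] if build >= FIXED_V12 else list(CVES_FIXED_IN_12_3_2_4465)
    if build[0] == 13:
        # Assumption (not stated on the page): 13.x builds before
        # 13.0.1.2067 lack the fixes that release introduced.
        return [] if build >= FIXED_V13 else list(CVES_FIXED_IN_13_0_1_2067)
    raise ValueError(f"major version {build[0]} is not covered by this advisory")


if __name__ == "__main__":
    for v in ("12.3.2.4165", "12.3.2.4465", "13.0.0.100", "13.0.1.2067"):
        print(v, "->", outstanding_cves(v) or "patched for the CVEs listed here")
```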

The company warned that once vulnerabilities and patches are disclosed, attackers typically attempt to reverse-engineer the fixes to exploit unpatched systems. This pattern has been particularly concerning for Veeam software, as vulnerabilities in its products have been repeatedly exploited by threat actors to carry out ransomware attacks.

Given the critical nature of these flaws and the history of exploitation, Veeam strongly recommends that all users update their instances to the latest versions immediately. Backup infrastructure is often a prime target for ransomware operators, who recognize that compromising backup systems can prevent organizations from recovering their data even if they pay ransoms.

Organizations using Veeam Backup & Replication should prioritize these updates, especially those in high-availability configurations or environments where backup servers have elevated privileges. The combination of remote code execution capabilities and the sensitive nature of backup infrastructure makes these vulnerabilities particularly dangerous in the current threat landscape.