CVE-2026-21669
Published 2026-03-12
CVE-2026-21669: A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
Priority P2 · 66 · critical · CVSS 3.1: 9.9
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.17% (63.6th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| veeam | backup_and_replication | >= 13.0.1 < 13.0.1 | 13.0.1 |
| veeam | veeam_backup_replication | >= 13.0.0.496 < 13.0.1.2067 | 13.0.1.2067 |
Detection & IOCs (extracted from sources)
- CVE-2026-21669 affects Veeam Backup & Replication; monitor for RCE activity originating from authenticated domain user accounts targeting Backup Server processes. Patched in versions 12.3.2.4465 and 13.0.1.2067.
- Threat actors are known to reverse-engineer Veeam patches shortly after disclosure to exploit unpatched deployments; prioritize detection of exploitation attempts on unpatched VBR instances immediately following patch release.
- VBR servers are high-value ransomware targets; alert on lateral movement, data exfiltration, or backup deletion activity originating from or targeting VBR infrastructure. Associated threat groups include FIN7, Cuba, Frag, Akira, and Fog ransomware.
- No public exploit exists for CVE-2026-21669 at time of publication; EPSS exploitation probability is 0.3% (48.9th percentile), indicating moderate but not yet elevated real-world exploitation likelihood.
- Fixed versions are 12.3.2.4465 and 13.0.1.2067; detections should be scoped to instances running versions prior to these builds.
- CVE-2026-21669 is not listed in CISA KEV as of publication date, so mandatory remediation timelines for federal agencies do not yet apply.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
blogs_bleepingcomputer·2026-03-12·CVSS 9.9·CRITICAL
## Veeam warns of critical flaws exposing backup servers to RCE attacks
By Sergiu Gatlan
Data protection company Veeam Software has patched multiple flaws in its Backup & Replication solution, including four critical remote code execution (RCE) vulnerabilities.
VBR is enterprise data backup and recovery software that helps IT administrators to create copies of critical data for quick restoration following cyberattacks and hardware failures.
Three RCE security flaws patched today (tracked as CVE-2026-21666, CVE-2026-21667, and CVE-2026-21669) allow low-privileged domain users to execute remote code on vulnerable backup servers in low-complexity attacks.
The fourth one (tracked as CVE-2026-21708) allows a Backup Viewer to gain remote code execution as the postgres user.
Veeam also
Wiz
CVE-2025-59468 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.0·CRITICAL
## CVE-2025-59468: Veeam Backup & Replication vulnerability analysis and mitigation
This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter.
Source: NVD
Score 9.1
Published January 8, 2026
Severity CRITICAL
CNA Score 9.0
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 30.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Jan 11, 2026
Windows Severity CRITICAL Has Fix Added at: Jan 18, 2026
Wiz
CVE-2026-21708 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9·CRITICAL
## CVE-2026-21708: Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.
Source: NVD
Score 9.9
Published March 12, 2026
Severity CRITICAL
CNA Score 9.9
High-profile Vulnerability Yes
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 78.1
Exploitation Probability (EPSS) 1.1
Affected packages and libraries
cpe:2.3:a:veeam:backup_and_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Mar 15, 2026
Wiz
CVE-2026-21672 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9·CRITICAL
## CVE-2026-21672: Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.
Source: NVD
Score 8.8
Published March 12, 2026
Severity HIGH
CNA Score 8.8
High-profile Vulnerability Yes
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:veeam:backup_and_replication
Sources
Windows Severity HIGH Has Fix Added at: Mar 15, 2026
Wiz
CVE-2026-21666 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9·CRITICAL
## CVE-2026-21666: Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
Source: NVD
Score 8.8
Published March 12, 2026
Severity HIGH
CNA Score 9.9
High-profile Vulnerability Yes
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 53.4
Exploitation Probability (EPSS) 0.3
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
cpe:2.3:a:veeam:backup_and_replication
Sources
Windows Severity HIGH Has Fix Added at: Mar 15, 2026
Wiz
CVE-2026-21668 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8·HIGH
## CVE-2026-21668: Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
Source: NVD
Score 6.5
Published March 12, 2026
Severity MEDIUM
CNA Score 8.8
High-profile Vulnerability Yes
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:veeam:backup_and_replication
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity MEDIUM Has Fix Added at: Mar 15, 2026
Wiz
CVE-2026-21671 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9·CRITICAL
## CVE-2026-21671: Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.
Source: NVD
Score 9.1
Published March 12, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 53.7
Exploitation Probability (EPSS) 0.3
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Mar 31, 2026
Windows Severity CRITICAL Has Fix Added at: Apr 02,
Wiz
CVE-2026-21667 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9·CRITICAL
## CVE-2026-21667: Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
Source: NVD
Score 8.8
Published March 12, 2026
Severity HIGH
CNA Score 9.9
High-profile Vulnerability Yes
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 53.4
Exploitation Probability (EPSS) 0.3
Affected packages and libraries
cpe:2.3:a:veeam:backup_and_replication
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity HIGH Has Fix Added at: Mar 15, 2026
Wiz
CVE-2025-59470 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.0·CRITICAL
## CVE-2025-59470: Veeam Backup & Replication vulnerability analysis and mitigation
This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.
Source: NVD
Score 9
Published January 8, 2026
Severity CRITICAL
CNA Score 9.0
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 37.8
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Jan 11, 2026
Windows Severity CRITICAL Has Fix Added at: Jan 18, 2026
Wiz
CVE-2025-55125 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8·HIGH
## CVE-2025-55125: Veeam Backup & Replication vulnerability analysis and mitigation
This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.
Source: NVD
Score 9.8
Published January 8, 2026
Severity CRITICAL
CNA Score 7.8
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 25
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Jan 11, 2026
Windows Severity CRITICAL Has Fix Added at: Jan 13, 2026
Wiz
CVE-2026-21670 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9·CRITICAL
## CVE-2026-21670: Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing a low-privileged user to extract saved SSH credentials.
Source: NVD
Score 6.5
Published March 12, 2026
Severity MEDIUM
CNA Score 7.7
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity MEDIUM Has Fix Added at: Mar 19, 2026
Windows Severity MEDIUM Has Fix Added at: Apr 02, 2026
Wiz
CVE-2026-21669 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9·CRITICAL
## CVE-2026-21669: Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
Source: NVD
Score 9.9
Published March 12, 2026
Severity CRITICAL
CNA Score 9.9
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 48.9
Exploitation Probability (EPSS) 0.3
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Mar 19, 2026
Windows Severity CRITICAL Has Fix Added at: Apr 02, 2026
Wiz
CVE-2025-59469 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.0·CRITICAL
## CVE-2025-59469: Veeam Backup & Replication vulnerability analysis and mitigation
This vulnerability allows a Backup or Tape Operator to write files as root.
Source: NVD
Score 9
Published January 8, 2026
Severity CRITICAL
CNA Score 9.0
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Jan 11, 2026
Windows Severity CRITICAL Has Fix Added at: Jan 18, 2026
Published 2026-03-12