CVE-2026-21670
published 2026-03-12CVE-2026-21670: A vulnerability allowing a low-privileged user to extract saved SSH credentials.
PriorityP337medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
0.40%
31.9th percentile
A vulnerability allowing a low-privileged user to extract saved SSH credentials.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| veeam | backup_and_replication | >= 13.0.1 < 13.0.1 | 13.0.1 |
| veeam | veeam_backup_replication | 13.0.0.496 – 13.0.1.1071 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-59468 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.0
CVE-2025-59468 [CRITICAL] CVE-2025-59468 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-59468 :
Veeam Backup & Replication vulnerability analysis and mitigation
This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a
malicious password parameter.
Source : NVD
## 9.1
Score
Published January 8, 2026
Severity CRITICAL
CNA Score 9.0
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 30.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Jan 11, 2026
Windows Severity CRITICAL Has Fix Added at: Jan 18, 2026
## Get a CVE risk assessment
Wiz
CVE-2026-21708 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9
CVE-2026-21708 [CRITICAL] CVE-2026-21708 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21708 :
Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.
Source : NVD
## 9.9
Score
Published March 12, 2026
Severity CRITICAL
CNA Score 9.9
High-profile Vulnerability Yes
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 78.1
Exploitation Probability (EPSS) 1.1
Affected packages and libraries
cpe:2.3:a:veeam:backup_and_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Mar 15, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploita
Wiz
CVE-2026-21672 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9
CVE-2026-21672 [CRITICAL] CVE-2026-21672 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21672 :
Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.
Source : NVD
## 8.8
Score
Published March 12, 2026
Severity HIGH
CNA Score 8.8
High-profile Vulnerability Yes
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:veeam:backup_and_replication
Sources
Windows Severity HIGH Has Fix Added at: Mar 15, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable,
Wiz
CVE-2026-21666 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9
CVE-2026-21666 [CRITICAL] CVE-2026-21666 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21666 :
Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
Source : NVD
## 8.8
Score
Published March 12, 2026
Severity HIGH
CNA Score 9.9
High-profile Vulnerability Yes
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 53.4
Exploitation Probability (EPSS) 0.3
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
cpe:2.3:a:veeam:backup_and_replication
Sources
Windows Severity HIGH Has Fix Added at: Mar 15, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs
Wiz
CVE-2026-21668 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-21668 [HIGH] CVE-2026-21668 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21668 :
Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
Source : NVD
## 6.5
Score
Published March 12, 2026
Severity MEDIUM
CNA Score 8.8
High-profile Vulnerability Yes
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:veeam:backup_and_replication
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity MEDIUM Has Fix Added at: Mar 15, 2026
## Get a CVE risk assessment
Get a prio
Wiz
CVE-2026-21671 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9
CVE-2026-21671 [CRITICAL] CVE-2026-21671 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21671 :
Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.
Source : NVD
## 9.1
Score
Published March 12, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 53.7
Exploitation Probability (EPSS) 0.3
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Mar 31, 2026
Windows Severity CRITICAL Has Fix Added at: Apr 02,
Wiz
CVE-2026-21667 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9
CVE-2026-21667 [CRITICAL] CVE-2026-21667 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21667 :
Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
Source : NVD
## 8.8
Score
Published March 12, 2026
Severity HIGH
CNA Score 9.9
High-profile Vulnerability Yes
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 53.4
Exploitation Probability (EPSS) 0.3
Affected packages and libraries
cpe:2.3:a:veeam:backup_and_replication
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity HIGH Has Fix Added at: Mar 15, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs
Wiz
CVE-2025-59470 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.0
CVE-2025-59470 [CRITICAL] CVE-2025-59470 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-59470 :
Veeam Backup & Replication vulnerability analysis and mitigation
This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.
Source : NVD
## 9
Score
Published January 8, 2026
Severity CRITICAL
CNA Score 9.0
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 37.8
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Jan 11, 2026
Windows Severity CRITICAL Has Fix Added at: Jan 18, 2026
## Get a CVE risk assessmen
Wiz
CVE-2025-55125 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-55125 [HIGH] CVE-2025-55125 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-55125 :
Veeam Backup & Replication vulnerability analysis and mitigation
This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious
backup configuration file.
Source : NVD
## 9.8
Score
Published January 8, 2026
Severity CRITICAL
CNA Score 7.8
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 25
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Jan 11, 2026
Windows Severity CRITICAL Has Fix Added at: Jan 13, 2026
## Get a CVE risk assessment
Ge
Wiz
CVE-2026-21670 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9
CVE-2026-21670 [CRITICAL] CVE-2026-21670 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21670 :
Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing a low-privileged user to extract saved SSH credentials.
Source : NVD
## 6.5
Score
Published March 12, 2026
Severity MEDIUM
CNA Score 7.7
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity MEDIUM Has Fix Added at: Mar 19, 2026
Windows Severity MEDIUM Has Fix Added at: Apr 02, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's explo
Wiz
CVE-2026-21669 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9
CVE-2026-21669 [CRITICAL] CVE-2026-21669 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21669 :
Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
Source : NVD
## 9.9
Score
Published March 12, 2026
Severity CRITICAL
CNA Score 9.9
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 48.9
Exploitation Probability (EPSS) 0.3
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Mar 19, 2026
Windows Severity CRITICAL Has Fix Added at: Apr 02, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in yo
Wiz
CVE-2025-59469 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.0
CVE-2025-59469 [CRITICAL] CVE-2025-59469 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-59469 :
Veeam Backup & Replication vulnerability analysis and mitigation
This vulnerability allows a Backup or Tape Operator to write files as root.
Source : NVD
## 9
Score
Published January 8, 2026
Severity CRITICAL
CNA Score 9.0
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Jan 11, 2026
Windows Severity CRITICAL Has Fix Added at: Jan 18, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's explo
2026-03-12
Published