CVE-2026-21708
Published 2026-03-12
CVE-2026-21708: A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.
Priority P267, critical, 9.9 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
EPSS: 1.09% (61.3rd percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| veeam | backup_and_replication | >= 12 < 12.3.2 | 12.3.2 |
| veeam | backup_and_replication | >= 13 < 13.0.1 | 13.0.1 |
| veeam | veeam_backup_replication | >= 12.0.0.1402 < 12.3.2.4465 | 12.3.2.4465 |
Detection & IOCs (extracted from sources)
- CVE-2026-21708 affects Veeam Backup & Replication; exploit requires the attacker to hold the 'Backup Viewer' role — monitor for unexpected RCE activity originating from accounts with that role, executing as the postgres OS user
- Alert on process execution where the parent process is a Veeam Backup & Replication service and the spawned process runs under the 'postgres' OS user account — this is the expected post-exploitation execution context for CVE-2026-21708
- Prioritize patching to Veeam Backup & Replication versions 12.3.2.4465 or 13.0.1.2067; unpatched instances are high-value targets — threat actors are known to reverse-engineer Veeam patches rapidly to build exploits
- VBR servers are historically targeted by ransomware groups (FIN7, Cuba, Frag, Akira, Fog, BlackBasta, REvil, Maze, Egregor, Conti) for lateral movement and backup deletion — treat any anomalous activity on VBR hosts as high priority
- No public exploit exists for CVE-2026-21708 at time of publication; EPSS exploitation probability is 1.1% (78.1st percentile), indicating elevated but not yet confirmed in-the-wild exploitation
- CVE-2026-21708 is not listed in CISA KEV as of the source publication date
- Veeam explicitly warns that patch reverse-engineering by attackers is expected shortly after disclosure, compressing the window for safe remediation
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Veeam warns of critical flaws exposing backup servers to RCE attacks
blogs_bleepingcomputer · 2026-03-12 · CVSS 9.9 · CRITICAL
By Sergiu Gatlan
Data protection company Veeam Software has patched multiple flaws in its Backup & Replication solution, including four critical remote code execution (RCE) vulnerabilities.
VBR is enterprise data backup and recovery software that helps IT administrators to create copies of critical data for quick restoration following cyberattacks and hardware failures.
Three RCE security flaws patched today (tracked as CVE-2026-21666, CVE-2026-21667, and CVE-2026-21669) allow low-privileged domain users to execute remote code on vulnerable backup servers in low-complexity attacks.
The fourth one (tracked as CVE-2026-21708) allows a Backup Viewer to gain remote code execution as the postgres user.
Veeam also
Wiz
CVE-2025-59468 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.0 · CRITICAL
## CVE-2025-59468: Veeam Backup & Replication vulnerability analysis and mitigation
This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter.
Source: NVD
Score: 9.1
Published January 8, 2026
Severity CRITICAL
CNA Score 9.0
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 30.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Jan 11, 2026
Windows Severity CRITICAL Has Fix Added at: Jan 18, 2026
Wiz
CVE-2026-21708 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.9 · CRITICAL
## CVE-2026-21708: Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.
Source: NVD
Score: 9.9
Published March 12, 2026
Severity CRITICAL
CNA Score 9.9
High-profile Vulnerability Yes
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 78.1
Exploitation Probability (EPSS) 1.1
Affected packages and libraries
cpe:2.3:a:veeam:backup_and_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Mar 15, 2026
Wiz
CVE-2026-21672 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.9 · CRITICAL
## CVE-2026-21672: Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.
Source: NVD
Score: 8.8
Published March 12, 2026
Severity HIGH
CNA Score 8.8
High-profile Vulnerability Yes
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:veeam:backup_and_replication
Sources
Windows Severity HIGH Has Fix Added at: Mar 15, 2026
Wiz
CVE-2026-21666 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.9 · CRITICAL
## CVE-2026-21666: Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
Source: NVD
Score: 8.8
Published March 12, 2026
Severity HIGH
CNA Score 9.9
High-profile Vulnerability Yes
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 53.4
Exploitation Probability (EPSS) 0.3
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
cpe:2.3:a:veeam:backup_and_replication
Sources
Windows Severity HIGH Has Fix Added at: Mar 15, 2026
Wiz
CVE-2026-21668 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.8 · HIGH
## CVE-2026-21668: Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
Source: NVD
Score: 6.5
Published March 12, 2026
Severity MEDIUM
CNA Score 8.8
High-profile Vulnerability Yes
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:veeam:backup_and_replication
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity MEDIUM Has Fix Added at: Mar 15, 2026
Wiz
CVE-2026-21671 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.9 · CRITICAL
## CVE-2026-21671: Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.
Source: NVD
Score: 9.1
Published March 12, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 53.7
Exploitation Probability (EPSS) 0.3
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Mar 31, 2026
Windows Severity CRITICAL Has Fix Added at: Apr 02,
Wiz
CVE-2026-21667 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.9 · CRITICAL
## CVE-2026-21667: Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
Source: NVD
Score: 8.8
Published March 12, 2026
Severity HIGH
CNA Score 9.9
High-profile Vulnerability Yes
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 53.4
Exploitation Probability (EPSS) 0.3
Affected packages and libraries
cpe:2.3:a:veeam:backup_and_replication
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity HIGH Has Fix Added at: Mar 15, 2026
Wiz
CVE-2025-59470 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.0 · CRITICAL
## CVE-2025-59470: Veeam Backup & Replication vulnerability analysis and mitigation
This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.
Source: NVD
Score: 9
Published January 8, 2026
Severity CRITICAL
CNA Score 9.0
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 37.8
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Jan 11, 2026
Windows Severity CRITICAL Has Fix Added at: Jan 18, 2026
Wiz
CVE-2025-55125 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 7.8 · HIGH
## CVE-2025-55125: Veeam Backup & Replication vulnerability analysis and mitigation
This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.
Source: NVD
Score: 9.8
Published January 8, 2026
Severity CRITICAL
CNA Score 7.8
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 25
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Jan 11, 2026
Windows Severity CRITICAL Has Fix Added at: Jan 13, 2026
Wiz
CVE-2026-21670 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.9 · CRITICAL
## CVE-2026-21670: Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing a low-privileged user to extract saved SSH credentials.
Source: NVD
Score: 6.5
Published March 12, 2026
Severity MEDIUM
CNA Score 7.7
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity MEDIUM Has Fix Added at: Mar 19, 2026
Windows Severity MEDIUM Has Fix Added at: Apr 02, 2026
Wiz
CVE-2026-21669 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.9 · CRITICAL
## CVE-2026-21669: Veeam Backup & Replication vulnerability analysis and mitigation
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
Source: NVD
Score: 9.9
Published March 12, 2026
Severity CRITICAL
CNA Score 9.9
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 48.9
Exploitation Probability (EPSS) 0.3
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Mar 19, 2026
Windows Severity CRITICAL Has Fix Added at: Apr 02, 2026
Wiz
CVE-2025-59469 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.0 · CRITICAL
## CVE-2025-59469: Veeam Backup & Replication vulnerability analysis and mitigation
This vulnerability allows a Backup or Tape Operator to write files as root.
Source: NVD
Score: 9
Published January 8, 2026
Severity CRITICAL
CNA Score 9.0
Affected Technologies
Veeam Backup & Replication
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
Windows Severity CRITICAL Has Fix Added at: Jan 11, 2026
Windows Severity CRITICAL Has Fix Added at: Jan 18, 2026
Published: 2026-03-12