CVE-2026-32997
published 2026-05-28CVE-2026-32997: A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server.
PriorityP354high8.6CVSS 4.0
AVNACLATNPRHUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.51%
39.8th percentile
A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| veeam | backup_and_replication | 13 – 13.0.1 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Veeam Backup and Replication up to 13.0.1 on Linux absolute path traversal (kb4852 / EUVD-2026-32713)
vuldb·2026-05-29·CVSS 8.6
CVE-2026-32997 [HIGH] Veeam Backup and Replication up to 13.0.1 on Linux absolute path traversal (kb4852 / EUVD-2026-32713)
A vulnerability classified as problematic has been found in Veeam Backup and Replication up to 13.0.1 on Linux. Affected by this vulnerability is an unknown functionality. The manipulation leads to absolute path traversal.
This vulnerability is referenced as CVE-2026-32997. Remote exploitation of the attack is possible. No exploit is available.
GHSA
GHSA-4x5p-f63m-rvrp: A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication s
ghsa_unreviewed·2026-05-28
CVE-2026-32997 [HIGH] CWE-36 GHSA-4x5p-f63m-rvrp: A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication s
A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server.
No detection rules found.
No public exploits indexed.
2026-05-28
Published