Veeam Backup And Replication vulnerabilities
12 known vulnerabilities affecting veeam/backup_and_replication.
Total CVEs
12
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH5MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2026-21708P2CRITICALCVSS 9.9≥ 12, < 12.3.2≥ 13, < 13.0.12026-03-12
CVE-2026-21708 [CRITICAL] CWE-89 CVE-2026-21708: A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user
A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.
nvd
CVE-2026-21669P2CRITICALCVSS 9.9≥ 13.0.1, < 13.0.12026-03-12
CVE-2026-21669 [CRITICAL] CWE-94 CVE-2026-21669: A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
nvd
CVE-2026-44963P2CRITICALCVSS 9.4fixed in 12.3.22026-06-09
CVE-2026-44963 [CRITICAL] CWE-502 CVE-2026-44963: A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
nvd
CVE-2025-48983P2CRITICALCVSS 9.9≥ 12.3.2, ≤ 12.3.22025-10-31
CVE-2025-48983 [CRITICAL] CWE-284 CVE-2025-48983: A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code exe
A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.
nvd
CVE-2026-21666P2HIGHCVSS 8.8≥ 12.3.2, < 12.3.22026-03-12
CVE-2026-21666 [HIGH] CWE-284 CVE-2026-21666: A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
nvd
CVE-2025-48984P2HIGHCVSS 8.8≥ 12.3.2, ≤ 12.3.22025-10-31
CVE-2025-48984 [HIGH] CWE-94 CVE-2025-48984: A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
nvd
CVE-2026-32997P3HIGHCVSS 8.6≥ 13, ≤ 13.0.12026-05-28
CVE-2026-32997 [HIGH] CWE-36 CVE-2026-32997: A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary
A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server.
nvd
CVE-2026-21672P3HIGHCVSS 8.8≥ 12, < 12.3.2≥ 13, < 13.0.12026-03-12
CVE-2026-21672 [HIGH] CWE-538 CVE-2026-21672: A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication serv
A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.
nvd
CVE-2026-21668P3MEDIUMCVSS 6.5≥ 12.3.2, < 12.3.22026-03-12
CVE-2026-21668 [MEDIUM] CWE-862 CVE-2026-21668: A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrar
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
nvd
CVE-2026-21670P3MEDIUMCVSS 6.5≥ 13.0.1, < 13.0.12026-03-12
CVE-2026-21670 [MEDIUM] CWE-522 CVE-2026-21670: A vulnerability allowing a low-privileged user to extract saved SSH credentials.
A vulnerability allowing a low-privileged user to extract saved SSH credentials.
nvd
CVE-2026-32996P3HIGHCVSS 7.3≥ 13, ≤ 13.0.12026-05-28
CVE-2026-32996 [HIGH] CWE-532 CVE-2026-32996: This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.
nvd
CVE-2026-21709P4MEDIUMCVSS 6.7≥ 12, < 12.3.22026-04-17
CVE-2026-21709 [MEDIUM] CWE-77 CVE-2026-21709: A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Sig
A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement.
nvd