
"CVE-2026-21666 (CVSS score: 9.9) - A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server. CVE-2026-21667 (CVSS score: 9.9) - A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server."
"CVE-2026-21668 (CVSS score: 8.8) - A vulnerability that allows an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository. CVE-2026-21672 (CVSS score: 8.8) - A vulnerability that allows local privilege escalation on Windows-based Veeam Backup & Replication servers."
"It's important to note that once a vulnerability and its associated patch are disclosed, attackers will likely attempt to reverse-engineer the patch to exploit unpatched deployments of Veeam software."
Veeam has released security patches for multiple critical vulnerabilities affecting Backup & Replication software versions 12 and 13. Five vulnerabilities with CVSS scores of 8.8 to 9.9 impact version 12.3.2.4165 and earlier, including remote code execution flaws for authenticated domain users and file manipulation capabilities on backup repositories. Version 12.3.2.4465 addresses these issues. Two additional critical vulnerabilities affect version 13.0.1.2067, enabling remote code execution for authenticated users and administrators in high availability deployments. Veeam warns that attackers will likely reverse-engineer patches to exploit unpatched systems, emphasizing the urgency of applying updates.
#veeam-security-vulnerabilities #remote-code-execution #backup--replication #critical-patches #privilege-escalation
Read at The Hacker News