
"Three of the vulnerabilities allow domain users with limited privileges to remotely execute code on a vulnerable server, BleepingComputer reports. These security flaws are registered as CVE-2026-21666, CVE-2026-21667, and CVE-2026-21669. According to Veeam, these attacks require relatively little complexity, which may increase the risk of exploitation in environments with multiple domain users."
"In addition, a fourth critical vulnerability has been resolved, registered as CVE-2026-21708. This vulnerability allows a user with the Backup Viewer role to execute code with the privileges of the postgres user."
"Veeam emphasizes the importance of installing updates promptly. As soon as details about a vulnerability and the corresponding patch are made public, attackers often attempt to analyze how the patch works. Based on this, they can target systems that have not yet been updated."
Veeam has patched multiple security vulnerabilities in its Backup & Replication platform, a widely used enterprise backup solution. Four critical vulnerabilities allow remote code execution: three enable domain users with limited privileges to execute code remotely with low complexity, while a fourth allows Backup Viewer role users to execute code with postgres user privileges. Additional high-severity vulnerabilities permit privilege escalation on Windows servers, SSH credential theft, and unauthorized file modifications in backup repositories. The vulnerabilities were discovered through internal testing or HackerOne bug bounty reports. Veeam urges immediate patching, as attackers typically analyze patches to target unpatched systems.
#veeam-backup--replication #remote-code-execution #critical-vulnerabilities #security-patches #enterprise-backup-security
Read at Techzine Global