Security updates have been released by Veeam to address several serious vulnerabilities in its Backup & Replication platform. If successfully exploited, these security flaws could allow attackers to execute malicious code remotely and compromise backup infrastructure.
The vulnerabilities impact multiple builds of Veeam Backup & Replication, one of the most widely used enterprise backup and disaster recovery solutions.
Critical Vulnerabilities Discovered
Researchers identified several high-severity vulnerabilities that could be abused by attackers with authenticated access. The most significant issues include:
- CVE-2026-21666 (CVSS 9.9)
Allows an authenticated domain user to perform remote code execution (RCE) on the backup server.
- CVE-2026-21667 (CVSS 9.9)
Another flaw enabling authenticated users to execute arbitrary code on the backup server.
- CVE-2026-21668 (CVSS 8.8)
Allows attackers to bypass security restrictions and manipulate files on a backup repository.
- CVE-2026-21672 (CVSS 8.8)
Enables local privilege escalation on Windows-based Veeam servers.
- CVE-2026-21708 (CVSS 9.9)
Allows a backup viewer role to execute code as the postgres user, potentially leading to system compromise.
Additional Vulnerabilities in Newer Versions
Two more critical vulnerabilities were discovered in newer releases of the software:
- CVE-2026-21669 (CVSS 9.9)
Allows authenticated domain users to execute remote code on backup servers.
- CVE-2026-21671 (CVSS 9.1)
Allows a user with Backup Administrator privileges to execute malicious code in high availability deployments.
Affected Versions and Security Updates
The vulnerabilities affect version 12 builds up to 12.3.2.4165 of Veeam Backup & Replication.
They have been addressed in the following updates:
These updates fix the identified vulnerabilities and improve overall security protections.
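An added example, not code from the article or from Veeam, that applies the affected range stated above (version 12 builds up to and including 12.3.2.4165) to a host inventory; the host names and build strings are constructed sample data, and a build reported as outside the range is not thereby confirmed as patched, since the article does not list the fixed builds.

```python
"""Triage Veeam Backup & Replication builds against the affected range
named in the advisory: version 12 builds up to and including 12.3.2.4165.

Added example, not Veeam's code. Inventory data below is constructed.
A build outside the stated range is NOT asserted to be patched."""

from typing import List, Tuple

# Upper bound of the affected range as given in the article.
MAX_AFFECTED_BUILD = (12, 3, 2, 4165)


def parse_build(build: str) -> Tuple[int, ...]:
    """Turn a dotted build string such as '12.3.2.4165' into a tuple of ints.

    Integer tuples compare correctly; comparing the raw strings would rank
    '12.10.0.1' below '12.3.2.4165' because '1' sorts before '3'."""
    parts = build.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed build string: {build!r}")
    return tuple(int(p) for p in parts)


def is_in_affected_range(build: str) -> bool:
    """True when the build is a version 12 build <= 12.3.2.4165."""
    parsed = parse_build(build)
    return parsed[0] == 12 and parsed <= MAX_AFFECTED_BUILD


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Classify (host, build) pairs as 'affected', 'outside stated range'
    or 'unparseable'. Malformed strings are reported rather than skipped:
    a backup server whose version cannot be assessed is itself a finding."""
    results = []
    for host, build in inventory:
        try:
            status = "affected" if is_in_affected_range(build) else "outside stated range"
        except ValueError:
            status = "unparseable"
        results.append((host, build, status))
    return results


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE_INVENTORY = [
    ("vbr-prod-01", "12.3.2.4165"),   # exactly the stated upper bound
    ("vbr-prod-02", "12.1.0.2131"),   # older 12.x build
    ("vbr-lab-01", "12.10.0.1"),      # would be misjudged by string compare
    ("vbr-legacy", "11.0.1.1261"),    # not a version 12 build
    ("vbr-unknown", "n/a"),           # inventory gap, flagged for review
]

if __name__ == "__main__":
    for host, build, status in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {build:14} {status}")
```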
Risk of Exploitation After Patch Disclosure
Veeam warned that once vulnerabilities and patches become public, attackers often analyze the updates to identify how the flaws work. This process allows them to develop exploits targeting organizations that have not yet applied the patches.
Because backup infrastructure often stores critical enterprise data, it has become a prime target for cybercriminals and ransomware operators.
Importance of Immediate Patching
Security experts strongly recommend that organizations upgrade their systems as soon as possible.
In previous ransomware incidents, attackers have specifically targeted backup systems to disable recovery mechanisms before launching large-scale attacks. Keeping backup infrastructure fully patched is therefore essential for maintaining cyber resilience.