- Veeam fixes five backup and replication vulnerabilities
- Three critical RCE bugs (CVE-2026-21666, -21667, -21708) fixed
- Company Calls for Immediate Upgrades to Avoid Exploitation
Veeam announced that it recently fixed five vulnerabilities in its backup and replication solution, including three critical severity issues that could have enabled remote code execution (RCE) attacks.
Veeam Backup & Replication is Veeam’s flagship product for enterprise data protection. It provides backup, recovery, and replication of virtual, physical, and cloud workloads, and supports VMware vSphere, Microsoft Hyper-V, and major public clouds.
Here’s the breakdown of the five bugs, as listed in a security advisory posted on the company’s website:
Article continues below
- CVE-2026-21666 and CVE-2026-21667 are both vulnerabilities that allow an authenticated domain user to execute code remotely on the backup server. They both received a severity score of 9.9/10 (critical).
- CVE-2026-21708, a vulnerability that allows a backup viewer to execute code remotely as the postgres user. This one also received a severity score of 9.9/10 (critical).
- CVE-2026-21668 is a bug that allows an authenticated domain user to bypass restrictions and manipulate arbitrary files on a backup repository. Its severity score is 8.8/10 (high)
- CVE-2026-21672, an 8.8/10 (high) vulnerability allowing local escalation of privilege on Windows-based Veeam Backup & Replication servers.
Urge customers to update
The bugs affect Veeam Backup & Replication 12.3.2.4165 and all versions prior to version 12, and have been fixed as of build 12.3.2.4465.
The company urged its customers to upgrade the software as soon as possible, as hackers are known to target newly patched vulnerabilities:
“It is important to note that once a vulnerability and its associated patch are disclosed, attackers will likely attempt to reverse engineer the patch to exploit unpatched deployments of Veeam software,” the company said.
“This reality highlights the critical importance of ensuring that all customers are using the latest versions of our software and installing all updates and patches without delay.”
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
