- 61/2026
- Critical
Veeam has released security updates to fix several vulnerabilities across Veeam Backup & Replication version 13.0.1.1071 and all earlier version 13 builds and version 12.3.2.4165 and all earlier version 12 builds.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, manipulate repository files, extract stored credentials, escalate privileges, or execute arbitrary code, and gain access to affected systems.
Sample of the addressed vulnerabilities:
1. Veeam Remote Code Execution on the Backup Server Vulnerability (CVE- 2026-21666):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. Veeam Bypass Restrictions and Manipulate Arbitrary Files on a BackupRepository Vulnerability (CVE-2026-21668):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Data Manipulation
Vulnerabilities
- CVE-2026-21666
- CVE-2026-21667
- CVE-2026-21668
- CVE-2026-21669
- CVE-2026-21670
- CVE-2026-21671
- CVE-2026-21672
- CVE-2026-21708
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.