- 157/2026
- Critical
Veeam has released security updates to fix several vulnerabilities across Veeam Backup & Replication 13.0.1.2067 and all earlier version 13 builds, Veeam Service Provider Console 9.2.0.33215 and all earlier version 9 builds, and Veeam ONE.
The addressed vulnerabilities could allow the attacker to gain elevated privileges, manipulate sensitive files, or execute arbitrary code, and gain access to affected systems.
Sample of the addressed vulnerabilities:
1. Veeam Service Provider Console Remote Code Execution Vulnerability (CVE- 2026-32998):
- CVSS: 9.4
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. Veeam Linux-Based Backup & Replication Server (Veeam Software Appliance), Arbitrary Files Manipulation Vulnerability (CVE-2026-32997):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Data Manipulation
Vulnerabilities
- CVE-2026-32998
- CVE-2026-32996
- CVE-2026-32997
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.