CVE-2026-21667

Critical CVSS: 9.9

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

Vendor

Product

CWE

Yayın Tarihi

2026-03-12 15:16:13

Güncelleme

2026-03-31 01:01:37

Source Identifier

support@hackerone.com

KEV Date Added

CWE-284 Veeam Backup \& Replication CRITICAL Veeam 2026

https://www.veeam.com/kb4830

Critical

CVE-2026-21666

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

High

CVE-2026-21668

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup…

Critical

CVE-2026-21669

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

High

CVE-2026-21670

A vulnerability allowing a low-privileged user to extract saved SSH credentials.

Critical

CVE-2026-21671

A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE)…

Critical

CVE-2025-59468

This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending…