Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution

Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution Ravie LakshmananMar 13, 2026Vulnerability / Enterprise Security Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution. The vulnerabilities are as follows - CVE-2026-21666 (CVSS score: 9.9) - A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server. CVE-2026-21667 (CVSS score: 9.9) - A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server. CVE-2026-21668 (CVSS score: 8.8) - A vulnerability that allows an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository. CVE-2026-21672 (CVSS score: 8.8) - A vulnerability that allows local privilege escalation on Windows-based Veeam Backup & Replication servers. CVE-2026-21708 (CVSS score: 9.9) - A vulnerability that allows a Backup Viewer to perform remote code execution as the postgres user. The shortcomings, which affect Veeam Backup & Replication 12.3.2.4165 and all earlier version 12 builds, have been addressed in version 12.3.2.4465. CVE-2026-21672 and CVE-2026-21708 have also been fixed in Backup & Replication 13.0.1.2067, along with two more critical security flaws - CVE-2026-21669 (CVSS score: 9.9) - A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server. CVE-2026-21671 (CVSS score: 9.1) - A vulnerability that allows an authenticated user with the Backup Administrator role to perform remote code execution in high availability (HA) deployments of Veeam Backup & Replication. "It's important to note that once a vulnerability and its associated patch are disclosed, attackers will likely attempt to reverse-engineer the patch to exploit unpatched deployments of Veeam software," the company said in its advisory. With vulnerabilities in Veeam software having been repeatedly exploited by threat actors to carry out ransomware attacks in the past, it's essential that users update their instances to the latest version to safeguard against any potential threat. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  Backup Security, cybersecurity, enterprise security, privilege escalation, ransomware, remote code execution, software security, Veeam, Vulnerability Trending News Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict ⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack and Vibe-Coded Malware APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine and More Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries Load More ▼ Popular Resources Identity Controls Checklist: Find Missing Protections in Apps Self-Hosted WAF: Block SQLi, XSS, and Bots Before They Reach Your Apps Read CYBER360 2026: From Zero Trust Limits to Data-Centric Security Paths 19,053 Confirmed Breaches in 2025 – Key Trends and Predictions for 2026