Cyber News & CTI Reports :: 2026-03-12 | Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution

2026-03-12 | Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution

1. AI Summary

Veeam patched multiple critical CVEs in Backup & Replication allowing RCE and privilege escalation; fixes released in versions 12.3.2.4465 and 13.0.1.2067; past exploitation linked to ransomware attacks.

2. IOCs

| IOC Type | Value | Description | Relevant MITRE ATT&CK Techniques |
|---|---|---|---|
| Vulnerability | CVE-2026-21666 | Low-privileged users execute RCE on Backup servers | T1200.003 |
| Vulnerability | CVE-2026-21667 | Allows an authenticated domain user to perform remote code execution on the Backup Server (CVSS 9.9) | T1210 |
| Vulnerability | CVE-2026-21668 | Allows an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository (CVSS 8.8) | T1059 |
| Vulnerability | CVE-2026-21672 | Allows local privilege escalation on Windows-based Veeam Backup & Replication servers (CVSS 8.8) | T1068 |
| Vulnerability | CVE-2026-21708 | Backup Viewer gains RCE as postgres user | T1200.003 |
| Vulnerability | CVE-2026-21669 | Allows an authenticated domain user to perform remote code execution on the Backup Server (CVSS 9.9) | T1210 |
| Vulnerability | CVE-2026-21671 | Allows an authenticated user with the Backup Administrator role to perform remote code execution in high availability deployments (CVSS 9.1) | T1210 |

3. MITRE ATT&CK

| Code | Title |
|---|---|
| T1210 | Exploitation of Remote Services – used for remote code execution via authenticated domain user |
| T1068 | Exploitation for Privilege Escalation – local privilege escalation on Windows-based Veeam servers |
| T1059.001 | Command and Scripting Interpreter: PowerShell – potential command-line execution after exploitation |
| T1059 | Command and Scripting Interpreter – generic execution technique |

4. Targets

| Type | Value |
|---|---|
| Sector | Information Technology |

5. Article Details

6. Original text

Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution. The vulnerabilities are as follows:

- CVE-2026-21666 (CVSS score: 9.9) - A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server.
- CVE-2026-21667 (CVSS score: 9.9) - A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server.
- CVE-2026-21668 (CVSS score: 8.8) - A vulnerability that allows an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
- CVE-2026-21672 (CVSS score: 8.8) - A vulnerability that allows local privilege escalation on Windows-based Veeam Backup & Replication servers.
- CVE-2026-21708 (CVSS score: 9.9) - A vulnerability that allows a Backup Viewer to perform remote code execution as the postgres user.

The shortcomings, which affect Veeam Backup & Replication 12.3.2.4165 and all earlier version 12 builds, have been addressed in version 12.3.2.4465.

CVE-2026-21672 and CVE-2026-21708 have also been fixed in Backup & Replication 13.0.1.2067, along with two more critical security flaws:

- CVE-2026-21669 (CVSS score: 9.9) - A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server.
- CVE-2026-21671 (CVSS score: 9.1) - A vulnerability that allows an authenticated user with the Backup Administrator role to perform remote code execution in high availability (HA) deployments of Veeam Backup & Replication.

"It's important to note that once a vulnerability and its associated patch are disclosed, attackers will likely attempt to reverse-engineer the patch to exploit unpatched deployments of Veeam software," the company said in its advisory.

With vulnerabilities in Veeam software having been repeatedly exploited by threat actors to carry out ransomware attacks in the past, it's essential that users update their instances to the latest version to safeguard against any potential threat.