Description
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
Published: 2026-03-12
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A flaw in Veeam Backup and Replication permits an authenticated domain user to run arbitrary code on the Backup Server, which can lead to full compromise of confidentiality, integrity, and availability; the issue results from improper access control and is identified as CWE‑284.

Affected Systems

Affected systems are installations of Veeam Backup and Replication. No specific release numbers are listed, so all versions should be treated as vulnerable until a vendor update is applied.

Risk and Exploitability

The CVSS score of 10 reflects maximum severity, yet the EPSS score is below 1 % and the vulnerability is not in the CISA KEV catalog. The likely attack method involves a domain user who authenticates to the backup server and submits malicious input that is executed with the service’s privileges. No public exploit has been reported, but the combination of required authentication with remote code execution makes this a high‑risk issue for any compromised account.

Generated by OpenCVE AI on March 31, 2026 at 06:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest fix or security update from Veeam immediately
  • Restrict domain user accounts to read‑only access unless backup operations truly require write permissions
  • If supported, disable or sandbox remote execution features to limit exploitation surface
  • Continuously monitor the backup server and audit logs for unexpected command execution or anomalous activity

Generated by OpenCVE AI on March 31, 2026 at 06:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://www.veeam.com/kb4830 cve-icon cve-icon
History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Remote Code Execution in Veeam Backup and Replication

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Veeam veeam Backup \& Replication
CPEs cpe:2.3:a:veeam:veeam_backup_\&_replication:*:*:*:*:*:*:*:*
Vendors & Products Veeam veeam Backup \& Replication

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Veeam
Veeam backup And Replication
Vendors & Products Veeam
Veeam backup And Replication

Thu, 12 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Description A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Veeam Backup And Replication Veeam Backup \& Replication
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-03-13T03:55:43.772Z

Reserved: 2026-01-02T15:00:02.871Z

Link: CVE-2026-21666

cve-icon Vulnrichment

Updated: 2026-03-12T15:32:14.640Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-12T15:16:13.007

Modified: 2026-03-31T01:02:57.667

Link: CVE-2026-21666

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:09:35Z

Weaknesses