Description
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
Published: 2026-03-12
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An authenticated domain user can exploit a flaw in Veeam Backup and Replication to execute arbitrary code on the Backup Server. The vulnerability is an access control weakness that allows trusted users to run commands with the server’s privileges. Successful exploitation would let an attacker compromise the whole backup environment, potentially exposing stored backup data and allowing further lateral movement.

Affected Systems

The affected product is Veeam Backup and Replication. Specific version information was not disclosed, so all variants running in an environment where domain users have normal login rights are potentially vulnerable.

Risk and Exploitability

The CVSS score of 10 indicates critical damage potential, while the EPSS score under 1% suggests a low likelihood of widespread exploitation at present. The vulnerability is not catalogued on KEV lists. Exploitation requires the attacker to have valid domain credentials and access to the backup server; consequently, the attack vector is internal and authenticated. Once authenticated, the attacker can launch the remote code execution to gain full control of the backup server.

Generated by OpenCVE AI on March 31, 2026 at 05:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Veeam patch or update to a fixed release as soon as it is available.
  • If a patch is not yet released, constrain the domain user’s permissions on the Backup Server to the minimum required for backup operations.
  • Actively monitor Backup Server logs for unusual authentication or command execution activity.
  • Maintain strong network segmentation and firewall rules to limit external exposure of the backup infrastructure.

Generated by OpenCVE AI on March 31, 2026 at 05:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://www.veeam.com/kb4830 cve-icon cve-icon
History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Authenticated Domain User in Veeam Backup and Replication

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Veeam veeam Backup \& Replication
CPEs cpe:2.3:a:veeam:veeam_backup_\&_replication:*:*:*:*:*:*:*:*
Vendors & Products Veeam veeam Backup \& Replication

Fri, 20 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Authenticated Domain User in Veeam Backup and Replication

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Veeam
Veeam backup And Replication
Vendors & Products Veeam
Veeam backup And Replication

Thu, 12 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Description A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Veeam Backup And Replication Veeam Backup \& Replication
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-03-13T03:55:44.508Z

Reserved: 2026-01-02T15:00:02.871Z

Link: CVE-2026-21667

cve-icon Vulnrichment

Updated: 2026-03-12T15:33:12.372Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-12T15:16:13.133

Modified: 2026-03-31T01:01:37.427

Link: CVE-2026-21667

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:09:36Z

Weaknesses