Description
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authenticated domain user can bypass repository access restrictions and modify or delete arbitrary files on a Veeam Backup and Replication repository. The vulnerability enables attackers with valid domain credentials to tamper with backup data, potentially corrupting restores or inserting malicious payloads, thereby compromising data integrity and availability.

Affected Systems

The affected product is Veeam Backup and Replication. No specific version information is provided, so all supported releases that use the repository feature are potentially impacted.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, but the EPSS score of less than 1% denotes a very low probability of exploitation in the wild. The vulnerability is not listed in the KEV catalog, indicating no confirmed exploits. The attack vector requires an authenticated domain user, so internal threat actors or compromised credentials can exploit this. No remote code execution occurs; the exploitation results in unauthorized file changes.

Generated by OpenCVE AI on May 10, 2026 at 15:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Veeam Backup and Replication patch that fixes the repository file permissions issue.
  • Restrict domain users from having write access to repository folders by tightening ACLs.
  • Verify that repository directories are protected and only accessible by required privileged roles.

Generated by OpenCVE AI on May 10, 2026 at 15:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://www.veeam.com/kb4830 cve-icon cve-icon
History

Sun, 10 May 2026 16:15:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Bypass Allows Arbitrary File Manipulation on Veeam Backup Repository

Sun, 10 May 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-693

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Bypass Allows Arbitrary File Manipulation on Veeam Backup Repository

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Domain User Bypass of Backup Repository File Access in Veeam Backup and Replication
Weaknesses CWE-284

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Veeam veeam Backup \& Replication
CPEs cpe:2.3:a:veeam:veeam_backup_\&_replication:*:*:*:*:*:*:*:*
Vendors & Products Veeam veeam Backup \& Replication

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Domain User Bypass of Backup Repository File Access in Veeam Backup and Replication
Weaknesses CWE-284
CWE-862

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Bypass Allows Arbitrary File Manipulation on Veeam Backup Repository
Weaknesses CWE-284

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Bypass Allows Arbitrary File Manipulation on Veeam Backup Repository
Weaknesses CWE-284

Thu, 26 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Title Domain User Bypass Allows File Manipulation on Veeam Backup Repository
Weaknesses CWE-285
CWE-732

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Domain User Bypass Allows File Manipulation on Veeam Backup Repository
Weaknesses CWE-285
CWE-732

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User File Manipulation in Veeam Backup Repository
Weaknesses CWE-284

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User File Manipulation in Veeam Backup Repository
Weaknesses CWE-284

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Can Manipulate Backup Repository Files
Weaknesses CWE-284
CWE-732

Mon, 23 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Can Manipulate Backup Repository Files
Weaknesses CWE-284
CWE-732

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Bypass Allows Arbitrary File Manipulation on Veeam Backup Repository
Weaknesses CWE-284

Fri, 20 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Bypass Allows Arbitrary File Manipulation on Veeam Backup Repository
Weaknesses CWE-284

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Veeam
Veeam backup And Replication
Vendors & Products Veeam
Veeam backup And Replication

Thu, 12 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Description A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Veeam Backup And Replication Veeam Backup \& Replication
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-05-10T13:33:44.706Z

Reserved: 2026-01-02T15:00:02.871Z

Link: CVE-2026-21668

cve-icon Vulnrichment

Updated: 2026-03-12T15:25:42.569Z

cve-icon NVD

Status : Modified

Published: 2026-03-12T15:16:13.260

Modified: 2026-05-10T14:16:46.907

Link: CVE-2026-21668

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-10T16:00:13Z

Weaknesses