Description
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized file manipulation on backup repository
Action: Immediate Patch
AI Analysis

Impact

An authenticated domain user can bypass access restrictions and modify or delete arbitrary files on a Veeam Backup and Replication repository. This allows an attacker with valid domain credentials to tamper with backup data, potentially corrupting restores, or placing malicious payloads, thereby compromising data integrity and availability.

Affected Systems

The affected product is Veeam Backup and Replication. No version details are provided, and the issue applies to all supported releases using the repository feature.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity vulnerability, but the EPSS score indicates a very low probability of exploitation in the wild. The vulnerability is not listed in the KEV catalog, suggesting that there have been no confirmed exploits. The attack vector requires an authenticated domain user, so internal threat actors or compromised credentials can exploit this. No remote code execution is implied; the exploitation results in unauthorized file changes.

Generated by OpenCVE AI on April 1, 2026 at 05:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest available Veeam Backup and Replication patch that fixes the repository file permissions issue.
  • If a patch cannot be applied immediately, remove or reduce domain user permissions that allow write access to the backup repository.
  • Verify that repository folders are protected by appropriate ACLs and are not writable by arbitrary domain users.

Generated by OpenCVE AI on April 1, 2026 at 05:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://www.veeam.com/kb4830 cve-icon cve-icon
History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Bypass Allows Arbitrary File Manipulation on Veeam Backup Repository

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Domain User Bypass of Backup Repository File Access in Veeam Backup and Replication
Weaknesses CWE-284

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Veeam veeam Backup \& Replication
CPEs cpe:2.3:a:veeam:veeam_backup_\&_replication:*:*:*:*:*:*:*:*
Vendors & Products Veeam veeam Backup \& Replication

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Domain User Bypass of Backup Repository File Access in Veeam Backup and Replication
Weaknesses CWE-284
CWE-862

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Bypass Allows Arbitrary File Manipulation on Veeam Backup Repository
Weaknesses CWE-284

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Bypass Allows Arbitrary File Manipulation on Veeam Backup Repository
Weaknesses CWE-284

Thu, 26 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Title Domain User Bypass Allows File Manipulation on Veeam Backup Repository
Weaknesses CWE-285
CWE-732

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Domain User Bypass Allows File Manipulation on Veeam Backup Repository
Weaknesses CWE-285
CWE-732

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User File Manipulation in Veeam Backup Repository
Weaknesses CWE-284

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User File Manipulation in Veeam Backup Repository
Weaknesses CWE-284

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Can Manipulate Backup Repository Files
Weaknesses CWE-284
CWE-732

Mon, 23 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Can Manipulate Backup Repository Files
Weaknesses CWE-284
CWE-732

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Bypass Allows Arbitrary File Manipulation on Veeam Backup Repository
Weaknesses CWE-284

Fri, 20 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Bypass Allows Arbitrary File Manipulation on Veeam Backup Repository
Weaknesses CWE-284

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Veeam
Veeam backup And Replication
Vendors & Products Veeam
Veeam backup And Replication

Thu, 12 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Description A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Veeam Backup And Replication Veeam Backup \& Replication
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-03-13T03:55:45.308Z

Reserved: 2026-01-02T15:00:02.871Z

Link: CVE-2026-21668

cve-icon Vulnrichment

Updated: 2026-03-12T15:25:42.569Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-12T15:16:13.260

Modified: 2026-03-31T13:17:28.180

Link: CVE-2026-21668

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T08:00:19Z

Weaknesses