Description
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
Published: 2026-03-12
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an input‑sourced code injection (CWE‑94) that allows an authenticated domain user to execute arbitrary code on the Veeam Backup Server when the vulnerable component is triggered. The impact is the ability to run arbitrary commands with the permissions of the server process, potentially compromising the entire Veeam infrastructure and any data it manages.

Affected Systems

Affected systems include the Veeam Backup and Replication product, specifically the Backup Server component. Version information is not provided in the available data.

Risk and Exploitability

The risk assessment indicates extremely high severity, with a CVSS score of 10. However, the EPSS score is under 1%, suggesting that there are currently no widely deployed public exploits. The vulnerability requires authenticated access as a domain user: an attacker with domain credentials can exploit the flaw, and it cannot be exploited anonymously. The absence from the KEV catalog further indicates that no publicly documented active exploitation has been reported.

Generated by OpenCVE AI on April 1, 2026 at 05:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s latest patch or upgrade to a version that includes the fix for this RCE
  • If a patch is not yet available, restrict or remove privileged domain rights from users who have access to the Backup Server and consider using network segmentation to isolate the Backup Server from general domain traffic
  • Monitor Backup Server logs for authentication attempts or unusual activity and investigate any suspicious events

Advisories

No advisories yet.

References
History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Remote Code Execution on Veeam Backup Server

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Domain-Authenticated Remote Code Execution on Veeam Backup Server
Weaknesses CWE-269
CWE-78

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Veeam veeam Backup & Replication
CPEs cpe:2.3:a:veeam:veeam_backup_\&_replication:*:*:*:*:*:*:*:*
Vendors & Products Veeam veeam Backup & Replication

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Domain-Authenticated Remote Code Execution on Veeam Backup Server
Weaknesses CWE-269
CWE-78
CWE-94

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Remote Code Execution in Veeam Backup Server
Weaknesses CWE-20
CWE-285
CWE-94

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Remote Code Execution in Veeam Backup Server
Weaknesses CWE-20
CWE-285
CWE-94

Thu, 26 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Title Authenticated Remote Code Execution in Veeam Backup Server
Weaknesses CWE-78

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Authenticated Remote Code Execution in Veeam Backup Server
Weaknesses CWE-78

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Remote Code Execution on Veeam Backup Server
Weaknesses CWE-120
CWE-284

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Remote Code Execution on Veeam Backup Server
Weaknesses CWE-120
CWE-284

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Remote Code Execution in Veeam Backup and Replication
Weaknesses CWE-284

Mon, 23 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Remote Code Execution in Veeam Backup and Replication
Weaknesses CWE-284

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Remote Code Execution in Veeam Backup and Replication
Weaknesses CWE-269
CWE-94

Fri, 20 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Remote Code Execution in Veeam Backup and Replication
Weaknesses CWE-269
CWE-94

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Veeam
Veeam backup And Replication
Vendors & Products Veeam
Veeam backup And Replication

Thu, 12 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Description A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-03-13T03:55:45.985Z

Reserved: 2026-01-02T15:00:02.871Z

Link: CVE-2026-21669

Vulnrichment

Updated: 2026-03-12T15:26:40.929Z

NVD

Status: Analyzed

Published: 2026-03-12T15:16:13.383

Modified: 2026-03-31T13:17:22.957

Link: CVE-2026-21669

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T08:00:20Z

Weaknesses