Description
A vulnerability allowing a low-privileged user to extract saved SSH credentials.
Published: 2026-03-12
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Credential Theft
Action: Immediate Patch
AI Analysis

Impact

Veeam Backup and Replication allows a low‑privileged user to extract stored SSH credentials, revealing authentication secrets that may be reused against remote systems managed by the backup appliance. The vulnerability is based on the weakness CWE‑522, a failure to protect credentials during storage or transmission. If exploited, an attacker can obtain valid SSH credentials, enabling further unauthorized access or lateral movement within an organization.

Affected Systems

The affected product is Veeam Backup and Replication. Specific product versions are not listed, so any current release that does not include the vendor’s fix may be vulnerable. The risk applies to all instances that store or cache SSH credentials for remote host access.

Risk and Exploitability

The CVSS score of 7.7 indicates a high severity impact if the flaw is exploited. The EPSS score of less than 1% suggests that exploitation is currently unlikely, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector requires a local low‑privileged account on the Veeam appliance; based on the description, it is inferred that the attacker must have such access in order to read the cached credentials. No publicly available exploits have been disclosed, so the risk remains primarily theoretical until an attacker acquires local access.

Generated by OpenCVE AI on April 1, 2026 at 06:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch for Veeam Backup and Replication as outlined in the Veeam knowledge base
  • Limit local user privileges to prevent unauthorized access to the credential cache
  • Monitor account activity and audit logs for abnormal attempts to retrieve SSH credentials

Generated by OpenCVE AI on April 1, 2026 at 06:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://www.veeam.com/kb4831 cve-icon cve-icon
History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Veeam Backup and Replication Low‑Privileged SSH Credential Extraction Vulnerability

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Veeam Backup and Replication SSH Credential Exposure
Weaknesses CWE-200
CWE-285

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Veeam veeam Backup \& Replication
Weaknesses CWE-522
CPEs cpe:2.3:a:veeam:veeam_backup_\&_replication:*:*:*:*:*:*:*:*
Vendors & Products Veeam veeam Backup \& Replication

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Veeam Backup and Replication SSH Credential Exposure
Weaknesses CWE-200
CWE-285

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Credential Extraction via Stored SSH Credentials in Veeam Backup and Replication
Weaknesses CWE-200
CWE-311

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Title Credential Extraction via Stored SSH Credentials in Veeam Backup and Replication
Weaknesses CWE-200
CWE-311

Thu, 26 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Title Veeam Backup Credentials Exposure for Low‑Privileged Users
Weaknesses CWE-200
CWE-269

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Veeam Backup Credentials Exposure for Low‑Privileged Users
Weaknesses CWE-200
CWE-269

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Title Low‑Privileged User Can Steal SSH Credentials in Veeam Backup and Replication
Weaknesses CWE-200
CWE-862

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Title Low‑Privileged User Can Steal SSH Credentials in Veeam Backup and Replication
Weaknesses CWE-200
CWE-862

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Title Extraction of Saved SSH Credentials by Low-Privileged Users in Veeam Backup
Weaknesses CWE-200
CWE-284

Mon, 23 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Title Extraction of Saved SSH Credentials by Low-Privileged Users in Veeam Backup
Weaknesses CWE-200
CWE-284

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Low-Privileged Credential Extraction in Veeam Backup and Replication
Weaknesses CWE-200
CWE-798

Fri, 20 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Title Low-Privileged Credential Extraction in Veeam Backup and Replication
Weaknesses CWE-200
CWE-798

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Veeam
Veeam backup And Replication
Vendors & Products Veeam
Veeam backup And Replication

Thu, 12 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Description A vulnerability allowing a low-privileged user to extract saved SSH credentials.
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}

Subscriptions

Veeam Backup And Replication Veeam Backup \& Replication
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-03-12T15:34:25.911Z

Reserved: 2026-01-02T15:00:02.871Z

Link: CVE-2026-21670

cve-icon Vulnrichment

Updated: 2026-03-12T15:34:20.910Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-12T15:16:13.510

Modified: 2026-03-31T00:45:56.800

Link: CVE-2026-21670

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T08:00:21Z

Weaknesses