Description
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.
Published: 2026-05-28
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability enables an attacker with local access to elevate privileges on a Windows machine that has Veeam Agent installed, allowing the attacker to perform actions with higher privileges than the user who executed them.

Affected Systems

Veeam Agent for Microsoft Windows, part of the Veeam:Backup and Replication suite. No specific version information is provided; any installation of the agent may be affected.

Risk and Exploitability

The CVSS score of 7.3 indicates a high severity for local privilege escalation. EPSS is not available, so the exploitation likelihood cannot be quantified, and the vulnerability is not listed in the CISA KEV catalog. An attacker would need local or legitimate user access, and the likely attack vector is a user‑initiated action or a local script that exploits the flaw.

Generated by OpenCVE AI on May 28, 2026 at 05:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Veeam Agent patch available from Veeam KB4852.
  • Ensure the Veeam Agent service runs with the minimum required privileges and disable any unnecessary elevated local accounts.
  • Configure local security policies to restrict privilege escalation and monitor for unauthorized changes.

Generated by OpenCVE AI on May 28, 2026 at 05:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://www.veeam.com/kb4852 cve-icon cve-icon
History

Thu, 28 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 28 May 2026 07:30:00 +0000

Type Values Removed Values Added
First Time appeared Veeam
Veeam backup And Replication
Vendors & Products Veeam
Veeam backup And Replication

Thu, 28 May 2026 06:15:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation in Veeam Agent for Microsoft Windows

Thu, 28 May 2026 04:45:00 +0000

Type Values Removed Values Added
Description This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.
Weaknesses CWE-532
References
Metrics cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Veeam Backup And Replication
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-05-29T03:55:48.045Z

Reserved: 2026-03-17T15:00:07.747Z

Link: CVE-2026-32996

cve-icon Vulnrichment

Updated: 2026-05-28T13:14:03.330Z

cve-icon NVD

Status : Deferred

Published: 2026-05-28T05:16:35.637

Modified: 2026-05-29T15:39:34.620

Link: CVE-2026-32996

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T07:15:11Z

Weaknesses