Description
A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on a Linux-based Veeam Backup & Replication server.
Published: 2026-05-28
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw, identified as a CWE-36 weakness, allows an authenticated user with a Backup Administrator role to write arbitrary files on a Linux-based Veeam Backup & Replication server. The vulnerability permits the attacker to create, replace, or modify any file on the server, which could be used to drop malicious binaries, alter configuration, or otherwise compromise system integrity and availability. This leads to loss of confidentiality, integrity, or availability of the backup services.

Affected Systems

Veeam Backup and Replication deployments running on Linux, where a user is granted the Backup Administrator role. The provided information does not specify affected versions, so any installation lacking the latest security update should be considered vulnerable.

Risk and Exploitability

The flaw has a CVSS score of 8.6, indicating high severity. No EPSS score is available, making the exploitation probability uncertain. It is not listed in the CISA KEV catalog. At minimum, the attacker must have authenticated access as a Backup Administrator, a privilege typically held by trusted personnel, but the broad rights associated with that role can still enable significant damage if the vulnerability is exploited.

Generated by OpenCVE AI on May 28, 2026 at 06:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch or update to the latest Veeam Backup & Replication Linux version as described in the Veeam KB article.
  • Limit the number of users granted the Backup Administrator role to only those who require it, and enforce the principle of least privilege.
  • Review and tighten file system permissions on the backup server to prevent unauthorized writes to critical directories.
  • Enable and routinely review system logs for anomalous file creation or modification activity, and alert on suspicious events.

Tracking

Advisories

No advisories yet.

References
History

Thu, 28 May 2026 13:30:00 +0000

Metrics (values added): ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 28 May 2026 06:45:00 +0000

Title (values added): Arbitrary File Write on Linux Veeam Backup Server via Authenticated Backup Administrator

Thu, 28 May 2026 05:45:00 +0000

First Time appeared (values added): Veeam; Veeam backup And Replication
Vendors & Products (values added): Veeam; Veeam backup And Replication

Thu, 28 May 2026 04:45:00 +0000

Description (values added): A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server.
Weaknesses (values added): CWE-36
References (values added):
Metrics (values added): cvssV4_0
{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-05-28T13:08:25.414Z

Reserved: 2026-03-17T15:00:07.747Z

Link: CVE-2026-32997

Vulnrichment

Updated: 2026-05-28T13:08:18.746Z

NVD

Status : Received

Published: 2026-05-28T05:16:35.793

Modified: 2026-05-28T05:16:35.793

Link: CVE-2026-32997

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T06:30:10Z

Weaknesses