- Veeam fixes five backup and replication bugs
- Three critical RCE bugs (CVE-2026-21666, -21667, -21708) fixed
- The company encourages immediate upgrades to avoid exploitation
Veeam has said it has recently fixed five bugs in its Backup & Replication solution, including three critical severity issues that could have allowed remote code execution (RCE) attacks.
Veeam Backup & Replication is Veeam’s flagship product for enterprise data protection. It provides backup, recovery and replication of virtual, physical and cloud workloads and supports VMware vSphere, Microsoft Hyper-V and major public clouds.
Here’s the breakdown of the five flaws, as listed in a security advisory posted on the company’s website:
The article continues below
- CVE-2026-21666 and CVE-2026-21667 are both vulnerabilities that allow an authenticated domain user to perform remote code execution on the backup server. They both got a difficulty rating of 9.9/10 (Critical)
- CVE-2026-21708, a vulnerability that allows a Backup Viewer to perform remote code execution as the postgres user. This one also got a 9.9/10 (critical) difficulty rating.
- CVE-2026-21668 is a flaw that allows an authenticated domain user to bypass restrictions and manipulate arbitrary files on a backup repository. Its difficulty rating is 8.8/10 (high)
- CVE-2026-21672, an 8.8/10 (high) vulnerability that allows local privilege escalation on Windows-based Veeam Backup & Replication servers.
Encourages customers to patch
The bugs affect Veeam Backup & Replication 12.3.2.4165 and all previous version 12 builds and were fixed starting with build 12.3.2.4465.
The company urged its customers to upgrade the software as soon as possible, as hackers are known to target recently patched bugs:
“It is important to note that once a vulnerability and its associated patch are disclosed, attackers will likely attempt to reverse-engineer the patch to exploit unpatched deployments of Veeam software,” the company said.
“This reality underscores the critical importance of ensuring that all customers are using the latest versions of our software and installing all updates and patches without delay.”
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
