- Veeam patches five bugs in Backup and Replication
- Fixed three critical RCE bugs (CVE-2026-21666, -21667, -21708)
- Company urges immediate updates to prevent exploitation
Veeam has said it recently fixed five flaws in its Backup & Replication solution, including three critical severity issues that could have enabled remote code execution (RCE) attacks.
Veeam Backup & Replication is Veeam’s flagship product for protecting enterprise data. It provides backup, recovery, and replication for virtual, physical, and cloud workloads, and is compatible with VMware vSphere, Microsoft Hyper-V, and major public clouds.
Here’s the breakdown of the five bugs, as listed in a security advisory posted on the company’s website:
Article continues below.
- CVE-2026-21666 and CVE-2026-21667 are vulnerabilities that allow an authenticated domain user to perform remote code execution on the backup server. Both received a severity score of 9.9/10 (critical)
- CVE-2026-21708, a vulnerability allows a Backup Viewer to perform remote code execution as a postgres user. This also received a severity (critical) score of 9.9/10.
- CVE-2026-21668 is a bug that allows an authenticated domain user to bypass restrictions and manipulate arbitrary files in a backup repository. Your severity score is 8.8/10 (high)
- CVE-2026-21672, a 8.8/10 (high) vulnerability allows local privilege escalation on Windows-based Veeam Backup & Replication servers.
Urge customers to patch
The bugs affect Veeam Backup & Replication 12.3.2.4165 and all previous version 12 builds, and have been fixed starting with build 12.3.2.4465.
The company urged its customers to update the software as soon as possible, as hackers are known for attacking newly fixed flaws:
“It is important to note that once a vulnerability and its associated patch are disclosed, attackers will likely attempt to reverse engineer the patch to exploit unpatched implementations of the Veeam software,” the company said.
“This reality underscores the critical importance of ensuring that all customers are using the latest versions of our software and installing all updates and patches without delay.”
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
