{"id":254,"date":"2026-03-13T06:20:52","date_gmt":"2026-03-13T06:20:52","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=254"},"modified":"2026-03-13T06:20:52","modified_gmt":"2026-03-13T06:20:52","slug":"veeam-patches-7-critical-backup-replication-flaws-allowing-remote-code-execution","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=254","title":{"rendered":"Veeam Patches 7 Critical Backup &#038; Replication Flaws Allowing Remote Code Execution"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\"><\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\"><\/i><span class=\"author\">Mar 13, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Enterprise Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>Veeam has released security updates to address multiple critical vulnerabilities in its Backup &amp; Replication software that, if successfully exploited, could result in remote code execution.<\/p>\n<p>The <a href=\"https:\/\/www.veeam.com\/kb4830\" rel=\"noopener\" target=\"_blank\">vulnerabilities<\/a> are as follows &#8211;<\/p>\n<ul>\n<li><strong>CVE-2026-21666<\/strong> (CVSS score: 9.9) &#8211; A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server.<\/li>\n<li><strong>CVE-2026-21667<\/strong> (CVSS score: 9.9) &#8211; A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup 
Server.<\/li>\n<li><strong>CVE-2026-21668<\/strong> (CVSS score: 8.8) &#8211; A vulnerability that allows an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.<\/li>\n<li><strong>CVE-2026-21672<\/strong> (CVSS score: 8.8) &#8211; A vulnerability that allows local privilege escalation on Windows-based Veeam Backup &amp; Replication servers.<\/li>\n<li><strong>CVE-2026-21708<\/strong> (CVSS score: 9.9) &#8211; A vulnerability that allows a Backup Viewer to perform remote code execution as the postgres user.<\/li>\n<\/ul>\n<p>The shortcomings, which affect Veeam Backup &amp; Replication 12.3.2.4165 and all earlier version 12 builds, have been addressed in <a href=\"https:\/\/www.veeam.com\/kb4696\" rel=\"noopener\" target=\"_blank\">version 12.3.2.4465<\/a>. 
CVE-2026-21672 and CVE-2026-21708 have also been fixed in <a href=\"https:\/\/www.veeam.com\/kb4738\" rel=\"noopener\" target=\"_blank\">Backup &amp; Replication 13.0.1.2067<\/a>, along with <a href=\"https:\/\/www.veeam.com\/kb4831\" rel=\"noopener\" target=\"_blank\">two more critical security flaws<\/a> &#8211;<\/p>\n<ul>\n<li><strong>CVE-2026-21669<\/strong> (CVSS score: 9.9) &#8211; A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server.<\/li>\n<li><strong>CVE-2026-21671<\/strong> (CVSS score: 9.1) &#8211; A vulnerability that allows an authenticated user with the Backup Administrator role to perform remote code execution in high availability (HA) deployments of Veeam Backup &amp; Replication.<\/li>\n<\/ul>\n<p>&#8220;It&#8217;s important to note that once a vulnerability and its associated patch are disclosed, attackers will likely attempt to reverse-engineer the patch to exploit unpatched deployments of Veeam software,&#8221; the company said in its advisory.<\/p>\n<p>With vulnerabilities in Veeam software having been repeatedly exploited by threat actors to carry out ransomware attacks in the past, it&#8217;s essential that users update their instances to the latest version to safeguard against any potential threat.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Ravie Lakshmanan, Mar 13, 2026. Vulnerability \/ Enterprise Security. Veeam has released security updates to address multiple critical vulnerabilities in its Backup &amp; Replication software that, if successfully exploited, could result 
in&hellip;<\/p>\n","protected":false},"author":1,"featured_media":255,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[60,648,10,58,13,11,57,12,649,647],"class_list":["post-254","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-allowing","tag-backup","tag-code","tag-critical","tag-execution","tag-flaws","tag-patches","tag-remote","tag-replication","tag-veeam"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/254","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=254"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/254\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/255"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=254"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=254"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=254"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}