Skip to content
Tech News
← Back to articles

Veeam warns of critical flaws exposing backup servers to RCE attacks

2026-03-12 | original
read original get Veeam Backup & Replication → more articles
Why This Matters

Veeam Software has addressed critical vulnerabilities in its Backup & Replication solutions, including four RCE flaws that could allow attackers to execute malicious code remotely. These vulnerabilities pose significant risks for enterprise backup servers, which are prime targets for ransomware and cyberattacks, emphasizing the importance of timely patching and updates. The incident highlights the ongoing need for robust security practices in data protection tools used across the industry.

Key Takeaways

Data protection company Veeam Software has patched multiple flaws in its Backup & Replication solution, including four critical remote code execution (RCE) vulnerabilities.

VBR is enterprise data backup and recovery software that helps IT administrators to create copies of critical data for quick restoration following cyberattacks and hardware failures.

Three RCE security flaws patched today (tracked as CVE-2026-21666, CVE-2026-21667, and CVE-2026-21669) allow low-privileged domain users to execute remote code on vulnerable backup servers in low-complexity attacks.

The fourth one (tracked as CVE-2026-21708) allows a Backup Viewer to gain remote code execution as the postgres user.

Veeam also addressed several high-severity security bugs that can be exploited to escalate privileges on Windows-based Veeam Backup & Replication servers, extract saved SSH credentials, and bypass restrictions to manipulate arbitrary files on a Backup Repository.

These vulnerabilities were discovered during internal testing or reported through HackerOne and are resolved in Veeam Backup & Replication versions 12.3.2.4465 and 13.0.1.2067.

Veeam also warned admins to upgrade the software to the latest release as soon as possible, since threat actors often begin developing exploits shortly after patches are released.

"It's important to note that once a vulnerability and its associated patch are disclosed, attackers will likely attempt to reverse-engineer the patch to exploit unpatched deployments of Veeam software," the company warned. "This reality underscores the critical importance of ensuring that all customers use the latest versions of our software and install all updates and patches without delay."

VBR servers targeted in ransomware attacks

VBR is popular among managed service providers and mid-sized to large enterprises, even though ransomware gangs commonly target VBR servers because they can serve as a quick jumping-off point for lateral movement within breached networks, simplify data theft, and make it easy to block restoration efforts by deleting victims' backups.

... continue reading

Explore topics: veeam backup & replication rce vulnerabilities hackerone v12.3.2
Related:
Curl ending bug bounty program after flood of AI slop reports
New Veeam vulnerabilities expose backup servers to RCE attacks
New Veeam RCE flaw lets domain users hack backup servers
Veeam Recovery Orchestrator users locked out after MFA rollout
HackerOne paid $81 million in bug bounties over the past year

© 2026 GoKawiil

About | Editorial Policy | Contact