Veeam Releases Security Updates for Backup & Replication
Security bulletin addresses vulnerabilities that could allow for remote code execution and privilege escalation
Summary
Security bulletin addresses vulnerabilities that could allow for remote code execution and privilege escalation
Affected platforms
The following platforms are known to be affected:
Threat details
Unsupported versions should be considered vulnerable
Veeam states, "Unsupported product versions are not tested, but are likely affected and should be considered vulnerable".
Introduction
Veeam has released a security bulletin to address three critical vulnerabilities in Backup & Replication.
- CVE-2026-21666 - Authenticated Remote Code Execution vulnerability - CVSSv3: 9.9
- CVE-2026-21667 - Authenticated Remote Code Execution vulnerability - CVSSv3: 9.9
- CVE-2026-21708 - Authenticated Remote Code Execution vulnerability - CVSSv3: 9.9
The security bulletin also addresses two high severity vulnerabilities.
Remediation advice
Affected organisations are strongly encouraged to review Veeam Security Bulletin KB4830 and apply the relevant update as soon as possible.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 12 March 2026 2:19 pm