Executive Summary

CVE-2026-21666 is a critical security vulnerability found in Veeam Backup & Replication versions 12.3.2.4165 and earlier 12.x builds. It allows an authenticated domain user to execute remote code on the Backup Server. This means that someone with valid domain credentials can run arbitrary code remotely on the server responsible for backups.

The vulnerability has a very high severity score of 9.9 out of 10 according to CVSS v3.1, indicating it is easy to exploit over the network with low complexity and no user interaction required. It impacts confidentiality, integrity, and availability of the system.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts including unauthorized remote code execution on your Backup Server by an authenticated domain user. This could lead to full compromise of the backup infrastructure.

• Loss of confidentiality due to potential data exposure.
• Loss of integrity as attackers could modify backup data or system configurations.
• Loss of availability if the backup server is disrupted or taken offline.

Overall, this vulnerability could allow attackers to control backup operations, potentially leading to data loss, ransomware attacks, or disruption of disaster recovery processes.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

I don't know

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate CVE-2026-21666, customers are strongly advised to update Veeam Backup & Replication to version 12.3.2.4465 immediately.

This update resolves the critical remote code execution vulnerability and includes fixes for multiple other critical and high-severity issues.

Useful 0 Not Useful 0