CVE-2026-21667

Received Received - Intake

Authenticated Remote Code Execution Vulnerability in Backup Server

Publication date: 2026-03-12

Last updated on: 2026-03-31

Assigner: HackerOne

Description

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-03-12

Last Modified

2026-03-31

Generated

2026-06-16

AI Q&A

2026-03-12

EPSS Evaluated

2026-06-15

NVD

CVE-2026-21667

EUVD

EUVD-2026-11576

Affected Vendors & Products

Vendor	Product	Version / Range
veeam	veeam_backup_&_replication	From 12.0.0.1402 (inc) to 12.3.2.4465 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-284	The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Attack-Flow Graph

Executive Summary

This vulnerability allows an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

Impact Analysis

The vulnerability can have a severe impact as it allows an authenticated user to execute arbitrary code remotely on the Backup Server, potentially leading to full compromise of the system.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Hi! I’m here to help you understand CVE-2026-21667. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-21667

Authenticated Remote Code Execution Vulnerability in Backup Server

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart