CVE-2026-21670

Modified Modified - Updated After Analysis

Credential Exposure via Privilege Escalation in SSH Client

Publication date: 2026-03-12

Last updated on: 2026-05-10

Assigner: HackerOne

Description

A vulnerability allowing a low-privileged user to extract saved SSH credentials.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-03-12

Last Modified

2026-05-10

Generated

2026-06-16

AI Q&A

2026-03-12

EPSS Evaluated

2026-06-15

NVD

CVE-2026-21670

EUVD

EUVD-2026-11581

Affected Vendors & Products

Vendor	Product	Version / Range
veeam	veeam_backup_&_replication	From 13.0.0.496 (inc) to 13.0.1.1071 (inc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-522	The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Attack-Flow Graph

Executive Summary

This vulnerability allows a low-privileged user to extract saved SSH credentials from a system.

Impact Analysis

An attacker exploiting this vulnerability could gain access to sensitive SSH credentials, potentially allowing unauthorized access to systems and compromising confidentiality.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Hi! I’m here to help you understand CVE-2026-21670. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-21670

Credential Exposure via Privilege Escalation in SSH Client

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart