CVE-2026-32996
Local Privilege Escalation in Veeam Agent for Microsoft Windows
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: HackerOne
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| veeam | agent_for_microsoft_windows | to 13.0.1.2067 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32996 is a high-severity vulnerability in Veeam Agent for Microsoft Windows that allows for local privilege escalation.
This means that an attacker with limited access to the system could exploit this vulnerability to gain higher privileges, potentially allowing them to perform actions that are normally restricted.
The vulnerability affects all versions of Veeam Agent for Microsoft Windows up to and including 13.0.1.2067 and was resolved in version 13.0.2.29.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker with local access to escalate their privileges on your system.
With elevated privileges, the attacker could gain unauthorized control over system resources, potentially leading to data compromise, unauthorized changes, or disruption of services.
To mitigate this risk, it is important to update Veeam Agent for Microsoft Windows to version 13.0.2.29 or later.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-32996 vulnerability in Veeam Agent for Microsoft Windows, users should update to the latest version of the software.
- Upgrade to Veeam Backup & Replication version 13.0.2.29 or later, where the issue has been resolved.