CVE-2026-32998
Deferred - Pending Action
Remote Code Execution in Veeam Service Provider Console

Publication date: 2026-05-28

Last updated on: 2026-05-28

Assigner: HackerOne

Description
This vulnerability in Veeam Service Provider Console allows for remote code execution.
Meta Information
Published: 2026-05-28
Last Modified: 2026-05-28
Generated: 2026-06-17
AI Q&A: 2026-05-28
EPSS Evaluated: 2026-06-16
Affected Vendors & Products
Vendor | Product | Version / Range
veeam | service_provider_console | to 9.2.1.33875 (exc)
CWE ID | Description
CWE-233 | The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.
Mitigation Strategies

Immediate mitigation involves disabling script execution in alarms and restarting the relevant service before applying the official update.

  • Set the "AlarmManagement_ScriptExecutionEnabled" value in configuration.overrides.json to False.
  • Restart the Veeam Management Portal Service to apply the change.
  • Upgrade Veeam Service Provider Console to version 9.2.1.33875 or later, which contains the fix for this vulnerability.
Executive Summary

CVE-2026-32998 is a critical vulnerability in Veeam Service Provider Console (VSPC) versions 9.2.0.33215 and earlier that allows for remote code execution.

The vulnerability arises from the ability to execute scripts within alarms, which is disabled by default unless alarms with script execution actions are already configured.

If the configuration value "AlarmManagement_ScriptExecutionEnabled" is set to True, the system is vulnerable.

Mitigation involves setting this value to False and restarting the Veeam Management Portal Service before upgrading to VSPC version 9.2.1.33875, which fixes the issue.

Impact Analysis

This vulnerability allows an attacker to execute arbitrary code remotely on the affected Veeam Service Provider Console system.

Such remote code execution can lead to full compromise of the system, potentially allowing attackers to control, manipulate, or disrupt services.

Given the high CVSS score of 9.4, the impact is severe and could result in significant operational and security risks.

Detection Guidance

To detect if your Veeam Service Provider Console instance is affected by CVE-2026-32998, check the configuration setting related to script execution in alarms.

  • Review the value of "AlarmManagement_ScriptExecutionEnabled" in the configuration.overrides.json file.
  • If this value is set to True, the vulnerability is present.

To check this setting, view the configuration file with a command-line tool or a text editor, for example:

  • On Linux or Windows with appropriate tools: `grep AlarmManagement_ScriptExecutionEnabled configuration.overrides.json`
  • Or open the configuration.overrides.json file in a text editor and search for "AlarmManagement_ScriptExecutionEnabled".
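
The check above as a script, added here as an example and not taken from Veeam or from this page: it parses the file instead of matching text, so it tells a True value from a False one and reports a missing key separately. Where the key sits in the JSON and whether the value is a boolean or a string are assumptions, since the page does not show the file's layout.

```python
import json
import sys

KEY = "AlarmManagement_ScriptExecutionEnabled"  # setting name from the advisory text


def find_values(node, key=KEY):
    """Yield every value stored under `key` at any nesting depth."""
    if isinstance(node, dict):
        for name, value in node.items():
            if name == key:
                yield value
            yield from find_values(value, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_values(item, key)


def is_enabled(value):
    """Accept JSON true as well as the strings "True"/"true"."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def assess(text):
    """Return 'enabled', 'disabled' or 'absent' for the file contents."""
    # Strip a UTF-8 byte order mark, which some Windows editors prepend.
    values = list(find_values(json.loads(text.lstrip("\ufeff"))))
    if not values:
        return "absent"
    return "enabled" if any(is_enabled(v) for v in values) else "disabled"


# Constructed sample; the real file's layout is an assumption.
SAMPLE = '{"Settings": {"AlarmManagement_ScriptExecutionEnabled": "True"}}'

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    state = assess(text)
    print(f"{KEY}: {state}")
    # Non-zero exit lets a scheduled job or inventory tool flag the host.
    sys.exit(1 if state == "enabled" else 0)
```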