CVE-2026-32998
Received - Intake
Remote Code Execution in Veeam Service Provider Console

Publication date: 2026-05-28

Last updated on: 2026-05-28

Assigner: HackerOne

Description
This vulnerability in Veeam Service Provider Console allows for remote code execution.
Meta Information
Published: 2026-05-28
Last Modified: 2026-05-28
Generated: 2026-05-28
AI Q&A: 2026-05-28
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: veeam
Product: service_provider_console
Version / Range: to 9.2.1.33875 (exc)
CWE
CWE-233: The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves disabling script execution in alarms and restarting the relevant service before applying the official update.

  • Set the "AlarmManagement_ScriptExecutionEnabled" value in configuration.overrides.json to False.
  • Restart the Veeam Management Portal Service to apply the change.
  • Upgrade Veeam Service Provider Console to version 9.2.1.33875 or later, which contains the fix for this vulnerability.

Can you explain this vulnerability to me?

CVE-2026-32998 is a critical vulnerability in Veeam Service Provider Console (VSPC) versions 9.2.0.33215 and earlier that allows for remote code execution.

The vulnerability arises from the ability to execute scripts within alarms, which is disabled by default unless alarms with script execution actions are already configured.

If the configuration value "AlarmManagement_ScriptExecutionEnabled" is set to True, the system is vulnerable.

Mitigation involves setting this value to False and restarting the Veeam Management Portal Service before upgrading to VSPC version 9.2.1.33875, which fixes the issue.


How can this vulnerability impact me?

This vulnerability allows an attacker to execute arbitrary code remotely on the affected Veeam Service Provider Console system.

Such remote code execution can lead to full compromise of the system, potentially allowing attackers to control, manipulate, or disrupt services.

Given the high CVSS score of 9.4, the impact is severe and could result in significant operational and security risks.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

To detect if your Veeam Service Provider Console instance is affected by CVE-2026-32998, check the configuration setting related to script execution in alarms.

  • Review the value of "AlarmManagement_ScriptExecutionEnabled" in the configuration.overrides.json file.
  • If this value is set to True, the vulnerability is present.

To check this setting, view the configuration file with a command-line tool or a text editor, for example:

  • On Linux or Windows with appropriate tools: `grep AlarmManagement_ScriptExecutionEnabled configuration.overrides.json`
  • Or open the configuration.overrides.json file in a text editor and search for "AlarmManagement_ScriptExecutionEnabled".
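
The check described above as a script (an added example, not Veeam's or this page's own code): it parses the file instead of matching text, so it finds the key at any depth and tells an absent key apart from one set to False. The JSON layout and the sample strings are constructed assumptions; only the setting name comes from the page.

```python
import json
import sys

KEY = "AlarmManagement_ScriptExecutionEnabled"  # setting name from the advisory text

# Constructed samples; the real file layout is an assumption.
SAMPLE_FLAT = '{"AlarmManagement_ScriptExecutionEnabled": "True"}'
SAMPLE_NESTED = '{"Settings": {"AlarmManagement_ScriptExecutionEnabled": false}}'

def find_setting(node, key=KEY, path="$"):
    """Yield (json_path, value) for each occurrence of key at any depth."""
    if isinstance(node, dict):
        for name, value in node.items():
            child = f"{path}.{name}"
            if name.lower() == key.lower():
                yield child, value
            else:
                yield from find_setting(value, key, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_setting(item, key, f"{path}[{i}]")

def is_enabled(value):
    """Treat JSON true and the strings "True"/"true" as enabled."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() == "true"

def script_execution_status(text):
    """Classify the raw text of configuration.overrides.json."""
    try:
        doc = json.loads(text.lstrip("\ufeff"))  # tolerate a UTF-8 BOM
    except json.JSONDecodeError:
        return "unparseable"      # inspect the file by hand
    hits = list(find_setting(doc))
    if not hits:
        return "not-overridden"   # key absent: the file does not settle it
    return "enabled" if any(is_enabled(v) for _, v in hits) else "disabled"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(script_execution_status(fh.read()))
    else:
        print(script_execution_status(SAMPLE_FLAT), script_execution_status(SAMPLE_NESTED))
```

A result of `not-overridden` only says the key is missing from the file; as noted above, script execution is disabled by default unless alarms with script execution actions are already configured.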
