CVE-2026-21666 PUBLISHED

Assigner: hackerone
Reserved: 02.01.2026 Published: 12.03.2026 Updated: 13.03.2026

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 10

Product Status

Vendor Veeam
Product Backup and Replication
Versions Default: unaffected
  • affected from 12.3.2 to 12.3.2 (excl.)

References