CVE-2026-21708 PUBLISHED

Assigner: hackerone
Reserved: 04.01.2026 Published: 12.03.2026 Updated: 13.03.2026

A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 10

Product Status

Vendor Veeam
Product Backup and Recovery
Versions Default: unaffected
  • affected from 12.3.2 to 12.3.2 (excl.)
  • affected from 13.0.1 to 13.0.1 (excl.)

References