CVE Field Guide
About Us
CVE-2026-32998
PUBLISHED
Assigner:
hackerone
Reserved:
17.03.2026
Published:
28.05.2026
Updated:
28.05.2026
This vulnerability in Veeam Service Provider Console allows for remote code execution.
Metrics
CVSS 4.0
CVSS Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CVSS Score:
9.4
CVSS score
9.4
Exploitability Metrics
Vulnerable System Impact Metrics
Subsequent System Impact Metrics
Attack Vector
Network
Confidentiality
High
Confidentiality
High
Attack Complexity
Low
Integrity
High
Integrity
High
Attack Requirements
None
Availability
High
Availability
High
Privileges Required
Low
User Interaction
None
CVSS 4.0
Product Status
Vendor
Veeam
Product
Service Provider Console
Versions
Default:
unaffected
affected from 9 to 9.2 (incl.)
References
https://www.veeam.com/kb4853
Problem Types
CWE-233 Improper Handling of Parameters
CWE