CVE Tools

veeam

Cloud & SaaScommercial

49

Cumulative CVEs

6

Monthly snapshots

#43

Peak rank

Top products

veeam backup \& replication7 backup and replication7 software appliance1

Latest CVEs

The 15 most recently published vulnerabilities affecting veeam.

CVE-2026-21709A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement.6.7Apr 17, 2026
CVE-2026-21708A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.9.9Mar 12, 2026
CVE-2026-21672A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.8.8Mar 12, 2026
CVE-2026-21671A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.9.1Mar 12, 2026
CVE-2026-21670A vulnerability allowing a low-privileged user to extract saved SSH credentials.7.7Mar 12, 2026
CVE-2026-21669A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.9.9Mar 12, 2026
CVE-2026-21668A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.8.8Mar 12, 2026
CVE-2026-21667A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.9.9Mar 12, 2026
CVE-2026-21666A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.9.9Mar 12, 2026
CVE-2025-59470This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.9.0Jan 8, 2026
CVE-2025-59469This vulnerability allows a Backup or Tape Operator to write files as root.9.0Jan 8, 2026
CVE-2025-59468This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter.9.0Jan 8, 2026
CVE-2025-55125This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.7.8Jan 8, 2026
CVE-2025-48983A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.9.9Oct 30, 2025
CVE-2025-48982This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file.7.8Oct 30, 2025