Veeam backup \& replication

This hub aggregates every CVE we track for Veeam backup \& replication, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Veeam backup \& replication.

• CVE-2026-21708A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.9.9Mar 12, 2026
• CVE-2026-21669A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.9.9Mar 12, 2026
• CVE-2026-21667A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.9.9Mar 12, 2026
• CVE-2026-21668A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.8.8Mar 12, 2026
• CVE-2026-21666A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.9.9Mar 12, 2026
• CVE-2026-21671A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.9.1Mar 12, 2026
• CVE-2026-21670A vulnerability allowing a low-privileged user to extract saved SSH credentials.7.7Mar 12, 2026
• CVE-2025-59469This vulnerability allows a Backup or Tape Operator to write files as root.9.0Jan 8, 2026
• CVE-2025-59468This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter.9.0Jan 8, 2026
• CVE-2025-59470This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.9.0Jan 8, 2026
• CVE-2025-55125This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.7.8Jan 8, 2026
• CVE-2025-48983A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.9.9Oct 30, 2025
• CVE-2025-48984A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.8.8Oct 30, 2025
• CVE-2025-24286A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.7.2Jun 18, 2025
• CVE-2025-23121A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user8.8Jun 18, 2025