Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
2026-3-13 04:15:0 Author: thehackernews.com

Vulnerability / Enterprise Security

Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution.

The vulnerabilities are as follows -

  • CVE-2026-21666 (CVSS score: 9.9) - A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server.
  • CVE-2026-21667 (CVSS score: 9.9) - A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server.
  • CVE-2026-21668 (CVSS score: 8.8) - A vulnerability that allows an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
  • CVE-2026-21672 (CVSS score: 8.8) - A vulnerability that allows local privilege escalation on Windows-based Veeam Backup & Replication servers.
  • CVE-2026-21708 (CVSS score: 9.9) - A vulnerability that allows a Backup Viewer to perform remote code execution as the postgres user.

The shortcomings, which affect Veeam Backup & Replication 12.3.2.4165 and all earlier version 12 builds, have been addressed in version 12.3.2.4465. CVE-2026-21672 and CVE-2026-21708 have also been fixed in Backup & Replication 13.0.1.2067, along with two more critical security flaws -

  • CVE-2026-21669 (CVSS score: 9.9) - A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server.
  • CVE-2026-21671 (CVSS score: 9.1) - A vulnerability that allows an authenticated user with the Backup Administrator role to perform remote code execution in high availability (HA) deployments of Veeam Backup & Replication.

"It's important to note that once a vulnerability and its associated patch are disclosed, attackers will likely attempt to reverse-engineer the patch to exploit unpatched deployments of Veeam software," the company said in its advisory.

With vulnerabilities in Veeam software having been repeatedly exploited by threat actors to carry out ransomware attacks in the past, it's essential that users update their instances to the latest version to safeguard against any potential threat.
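One way to triage an inventory against the build numbers above, as an added example that is not from Veeam or the original article. The host names and sample inventory are constructed, and treating every build below a branch's fixed build as needing the update is an assumption (the article names only 12.3.2.4165 and earlier version 12 builds as affected).

```python
# Added example. Build numbers and CVE IDs come from the article above;
# host names and SAMPLE_INVENTORY are constructed for illustration.
FIXED = {  # major version -> (fixed build, CVEs the article says it addresses)
    12: ((12, 3, 2, 4465), ["CVE-2026-21666", "CVE-2026-21667", "CVE-2026-21668",
                            "CVE-2026-21672", "CVE-2026-21708"]),
    13: ((13, 0, 1, 2067), ["CVE-2026-21672", "CVE-2026-21708",
                            "CVE-2026-21669", "CVE-2026-21671"]),
}
LAST_AFFECTED_V12 = (12, 3, 2, 4165)  # last v12 build the article names as affected

def parse_build(text):
    """Parse 'a.b.c.d' into a tuple of four ints; raise ValueError otherwise."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(p) for p in parts)

def triage(build_text):
    """Return (status, cves_addressed_by_updating) for one build string."""
    try:
        build = parse_build(build_text)
    except ValueError:
        return ("unparseable", [])
    if build[0] not in FIXED:
        return ("branch-not-covered", [])  # the article says nothing about it
    fixed_build, cves = FIXED[build[0]]
    if build >= fixed_build:               # numeric compare, so 12.10.x > 12.3.x
        return ("fixed", [])
    if build[0] == 12 and build <= LAST_AFFECTED_V12:
        return ("affected", list(cves))    # stated explicitly in the article
    # Assumption: anything below the fixed build still needs the update.
    return ("below-fixed-build", list(cves))

def needs_update(inventory):
    """Return the sorted host names whose build is below its branch's fix."""
    flagged = ("affected", "below-fixed-build")
    return sorted(h for h, b in inventory.items() if triage(b)[0] in flagged)

SAMPLE_INVENTORY = {  # constructed
    "vbr-01.example.internal": "12.3.2.4165",
    "vbr-02.example.internal": "12.3.2.4465",
    "vbr-03.example.internal": "13.0.0.1000",
    "vbr-04.example.internal": "13.0.1.2067",
    "vbr-05.example.internal": "11.0.1.1261",
    "vbr-06.example.internal": "12.1.2",
}

if __name__ == "__main__":
    for host, build in sorted(SAMPLE_INVENTORY.items()):
        print(host, build, *triage(build))
```

Hosts reported as `branch-not-covered` or `unparseable` need a manual check against the vendor advisory, since the article gives no information about them.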



Article source: https://thehackernews.com/2026/03/veeam-patches-7-critical-backup.html