VYPR

Veeam Backup \& Replication

by Veeam

CVEs (35)

  • CVE-2026-21708CriMar 12, 2026
    risk 0.64cvss 9.9epss 0.01

    A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.

  • CVE-2026-21669CriMar 12, 2026
    risk 0.64cvss 9.9epss 0.01

    A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

  • CVE-2026-21671CriMar 12, 2026
    risk 0.59cvss 9.1epss 0.01

    A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.

  • CVE-2026-21672HigMar 12, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.

  • CVE-2026-21668HigMar 12, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.

  • CVE-2026-32997HigMay 28, 2026
    risk 0.56cvss epss 0.01

    A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server.

  • CVE-2025-32406HigApr 8, 2025
    risk 0.56cvss 8.6epss 0.00

    An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1 before 11.0.2 allows remote attackers fetch and parse the XML response.

  • CVE-2026-21670HigMar 12, 2026
    risk 0.50cvss 7.7epss 0.00

    A vulnerability allowing a low-privileged user to extract saved SSH credentials.

  • CVE-2023-27532KEVMar 10, 2023
    risk 0.25cvss epss 0.78

    Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.

  • CVE-2022-26501KEVMar 17, 2022
    risk 0.24cvss epss 0.04

    Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).

  • CVE-2024-48248KEVMar 4, 2025
    risk 0.20cvss epss 0.94

    NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).

  • CVE-2022-26500KEVMar 17, 2022
    risk 0.20cvss epss 0.06

    Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.

  • CVE-2024-29849May 22, 2024
    risk 0.04cvss epss 0.17

    Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface.

  • CVE-2026-21666Mar 12, 2026
    risk 0.00cvss epss 0.01

    A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

  • CVE-2026-21667Mar 12, 2026
    risk 0.00cvss epss 0.01

    A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

  • CVE-2025-48983Oct 30, 2025
    risk 0.00cvss epss 0.01

    A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.

  • CVE-2025-48984Oct 30, 2025
    risk 0.00cvss epss 0.01

    A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.

  • CVE-2024-45204Dec 4, 2024
    risk 0.00cvss epss 0.00

    A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial…

  • CVE-2024-42451Dec 4, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side.…

  • CVE-2024-42453Dec 4, 2024
    risk 0.00cvss epss 0.00

    A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially…

Page 1 of 2