Total
41 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-21666 | 1 Veeam | 1 Veeam Backup \& Replication | 2026-03-31 | N/A | 9.9 CRITICAL |
| A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. | |||||
| CVE-2026-21667 | 1 Veeam | 1 Veeam Backup \& Replication | 2026-03-31 | N/A | 9.9 CRITICAL |
| A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. | |||||
| CVE-2026-21668 | 1 Veeam | 1 Veeam Backup \& Replication | 2026-03-31 | N/A | 8.8 HIGH |
| A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository. | |||||
| CVE-2026-21669 | 1 Veeam | 1 Veeam Backup \& Replication | 2026-03-31 | N/A | 9.9 CRITICAL |
| A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. | |||||
| CVE-2026-21670 | 1 Veeam | 1 Veeam Backup \& Replication | 2026-03-31 | N/A | 7.7 HIGH |
| A vulnerability allowing a low-privileged user to extract saved SSH credentials. | |||||
| CVE-2026-21671 | 1 Veeam | 1 Veeam Backup \& Replication | 2026-03-31 | N/A | 9.1 CRITICAL |
| A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication. | |||||
| CVE-2025-59470 | 1 Veeam | 1 Veeam Backup \& Replication | 2026-01-14 | N/A | 9.0 CRITICAL |
| This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter. | |||||
| CVE-2025-59469 | 1 Veeam | 1 Veeam Backup \& Replication | 2026-01-14 | N/A | 9.0 CRITICAL |
| This vulnerability allows a Backup or Tape Operator to write files as root. | |||||
| CVE-2025-59468 | 1 Veeam | 1 Veeam Backup \& Replication | 2026-01-14 | N/A | 9.0 CRITICAL |
| This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter. | |||||
| CVE-2025-55125 | 1 Veeam | 1 Veeam Backup \& Replication | 2026-01-12 | N/A | 7.8 HIGH |
| This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file. | |||||
| CVE-2025-48983 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-12-01 | N/A | 9.9 CRITICAL |
| A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user. | |||||
| CVE-2025-48984 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-11-11 | N/A | 8.8 HIGH |
| A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. | |||||
| CVE-2023-27532 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-11-03 | N/A | 7.5 HIGH |
| Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. | |||||
| CVE-2022-26500 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. | |||||
| CVE-2022-26501 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-11-03 | 10.0 HIGH | 9.8 CRITICAL |
| Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). | |||||
| CVE-2024-40711 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-10-30 | N/A | 9.8 CRITICAL |
| A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). | |||||
| CVE-2025-24286 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-07-16 | N/A | 7.2 HIGH |
| A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code. | |||||
| CVE-2025-23121 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-07-15 | N/A | 8.8 HIGH |
| A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user | |||||
| CVE-2024-40715 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-07-11 | N/A | 7.7 HIGH |
| A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability. | |||||
| CVE-2024-29849 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-07-03 | N/A | 9.8 CRITICAL |
| Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. | |||||