A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HVeeam Backup \& Replication
APPVeeam13.0.0.496 – 13.0.1.1071
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
References
Related vulnerabilities
CVE-2024-40711CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Krytyczne RCE przez deserialization w Veeam Backup & Replication
CVE-2022-26501CRITICAL9.8⚠ KEVten sam produkt
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).
CVE-2026-21667CRITICAL9.9PL ✓ten sam produkt
RCE w Veeam Backup & Replication dla uwierzytelnionego użytkownika domenowego
CVE-2026-21666CRITICAL9.9PL ✓ten sam produkt
RCE dla uwierzytelnionego użytkownika domenowego w Veeam Backup & Replication
CVE-2026-21669CRITICAL9.9PL ✓ten sam produkt
RCE w Veeam Backup & Replication dla uwierzytelnionych użytkowników domenowych