Veeam Backup & Replication: Authenticated RCE in HA Deployments

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.1

Veeam Backup & Replication: Authenticated RCE in HA Deployments

CVE-2026-21671

Summary

In high availability deployments of Veeam Backup & Replication, an attacker with the Backup Administrator role can execute malicious code, which can lead to unauthorized access and control of the system. This is a serious security risk that can allow an attacker to disrupt or compromise the backup and replication process. It's essential to update to the latest version to mitigate this vulnerability.

Original title

A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.

Original description

A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.

nvd CVSS3.1 9.1

https://www.veeam.com/kb4831

Published: 12 Mar 2026 · Updated: 14 Mar 2026 · First seen: 12 Mar 2026