Microsoft Windows Backup Server Remote Code Execution Risk

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.9

Microsoft Windows Backup Server Remote Code Execution Risk

CVE-2026-21666

Summary

A security flaw in Microsoft Windows Backup Server allows a malicious user to execute unauthorized code on the server, potentially stealing sensitive data or disrupting operations. This affects Microsoft Windows Backup Server users with administrative access, and it's essential to apply the latest security patches to prevent exploitation.

Original title

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

Original description

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

nvd CVSS3.1 9.9

Vulnerability type

CWE-284 Improper Access Control

https://www.veeam.com/kb4830

Published: 12 Mar 2026 · Updated: 14 Mar 2026 · First seen: 12 Mar 2026