Microsoft Exchange Backup Server allows authenticated users to execute code remotely

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.9

Microsoft Exchange Backup Server allows authenticated users to execute code remotely

CVE-2026-21669

Summary

A security flaw in the Microsoft Exchange Backup Server allows authorized users to run unauthorized commands on the server, potentially leading to system compromise. This vulnerability affects Microsoft Exchange Backup Server and requires immediate attention to prevent unauthorized access to sensitive data. Users should update their Backup Server software to the latest version to mitigate this risk.

Original title

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

Original description

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

nvd CVSS3.1 9.9

https://www.veeam.com/kb4831

Published: 12 Mar 2026 · Updated: 14 Mar 2026 · First seen: 12 Mar 2026