Veeam Patches Critical Backup Vulnerabilities Enabling Remote Code Execution

Data backup systems are one of the most important parts of an organization’s cybersecurity strategy. However, if attackers compromise backup infrastructure, they can gain powerful control over systems and even disrupt recovery efforts. Recently, Veeam released urgent security updates to fix several critical vulnerabilities in its widely used Veeam Backup & Replication platform that could allow attackers to execute malicious code remotely.

These vulnerabilities are considered highly dangerous because they could allow authenticated users to take control of backup servers, manipulate files, or escalate privileges inside enterprise networks. Security experts warn that organizations using affected versions should apply the latest patches immediately to prevent possible cyberattacks.

The security flaws impact Veeam Backup & Replication version 12.3.2.4165 and all earlier builds of version 12. If exploited successfully, attackers could gain unauthorized access to backup servers and perform malicious actions such as remote code execution.

Some of the most severe vulnerabilities include:

  • CVE-2026-21666 (CVSS 9.9) – This vulnerability allows an authenticated domain user to perform remote code execution on the backup server.

  • CVE-2026-21667 (CVSS 9.9) – Similar to the previous flaw, this bug also enables an authenticated domain user to execute malicious code remotely on the server.

  • CVE-2026-21668 (CVSS 8.8) – Attackers could bypass security restrictions and manipulate files stored in a backup repository.

  • CVE-2026-21672 (CVSS 8.8) – This issue could allow local privilege escalation on Windows-based backup servers, giving attackers higher system access.

  • CVE-2026-21708 (CVSS 9.9) – A user with Backup Viewer privileges could exploit this vulnerability to execute code as the postgres system user.

These flaws highlight the serious risks that can arise when backup infrastructure is not properly secured. Backup servers often store sensitive data and credentials, making them a valuable target for cybercriminals.

Along with patching the above vulnerabilities, Veeam also addressed additional security issues in the newer 13.0.1.2067 release of Veeam Backup & Replication.

Two more critical vulnerabilities fixed in this version include:

  • CVE-2026-21669 (CVSS 9.9) – Allows an authenticated domain user to execute malicious code remotely on the backup server.

  • CVE-2026-21671 (CVSS 9.1) – This vulnerability affects high availability (HA) deployments, allowing users with the Backup Administrator role to execute code on the system.

The fixes aim to strengthen the security posture of organizations that rely on Veeam solutions for backup and disaster recovery.

To mitigate these issues, Veeam released version 12.3.2.4465, which includes patches for the affected version 12 vulnerabilities. Organizations running older builds are strongly advised to upgrade immediately.

The company also warned that attackers often analyze newly released patches to understand how vulnerabilities work.

According to the advisory from Veeam:

Once a vulnerability and its patch are disclosed, attackers may attempt to reverse engineer the update to find and exploit unpatched systems.

This means that systems that remain unpatched after vulnerability disclosures can quickly become easy targets for attackers.

Backup infrastructure has become a frequent target for ransomware groups in recent years. Cybercriminals often try to compromise backup systems before launching ransomware attacks so that victims cannot restore their data.

If attackers gain control of backup servers, they can:

  • Delete or corrupt backup files

  • Encrypt backups along with production data

  • Disable recovery mechanisms

  • Maintain persistent access within the network

Security researchers have observed multiple ransomware campaigns targeting vulnerabilities in backup solutions, including those affecting Veeam Backup & Replication.

Because of this, protecting backup systems is just as important as protecting production servers.

Organizations that rely on Veeam for data protection should treat these vulnerabilities as a high-priority security risk. Even though some of the vulnerabilities require authenticated access, attackers often gain such access through phishing attacks, compromised credentials, or insider threats.

Once inside the network, exploiting these vulnerabilities could allow attackers to move laterally, escalate privileges, and take control of critical infrastructure.

Security teams should take the following steps immediately:

  1. Upgrade to the latest patched versions of Veeam Backup & Replication.

  2. Restrict access to backup servers to trusted administrators only.

  3. Monitor backup infrastructure logs for suspicious activity.

  4. Segment backup environments from production networks where possible.

  5. Enable strong authentication controls to prevent unauthorized access.
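
A build triage for the first step above, as an added example that is not from Veeam or the original article: it classifies inventory build numbers against the builds the article names. The host names and CSV layout are constructed, and treating 13.0.1.2067 as the first fixed v13 build is an assumption drawn from the article's wording.

```python
import csv
import io

# Build numbers taken from the article.
V12_LAST_AFFECTED = (12, 3, 2, 4165)  # this build and all earlier v12 builds are affected
V12_FIXED = (12, 3, 2, 4465)          # patched v12 build
V13_FIXED = (13, 0, 1, 2067)          # assumption: first v13 build carrying the fixes

# Constructed sample inventory (hypothetical hosts), e.g. exported from a CMDB.
SAMPLE_INVENTORY = """host,build
vbr-01,12.3.2.4165
vbr-02,12.3.2.4465
vbr-03,12.3.2.4300
vbr-04,13.0.0.4967
vbr-05,not-reported
"""

def parse_build(text):
    """Parse 'a.b.c.d' into a tuple of four ints; raise ValueError otherwise."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(p) for p in parts)

def classify(build_text):
    """Return 'patched', 'vulnerable', 'review' or 'invalid' for one build string."""
    try:
        build = parse_build(build_text)
    except ValueError:
        return "invalid"  # missing or malformed value: chase the host manually
    if build[0] == 12:
        if build >= V12_FIXED:
            return "patched"
        if build <= V12_LAST_AFFECTED:
            return "vulnerable"
        return "review"  # between the two named builds: the article is silent
    if build[0] == 13:
        return "patched" if build >= V13_FIXED else "vulnerable"
    return "review"  # other major versions are not covered by the article

def triage(csv_text):
    """Map each host in a 'host,build' CSV to its classification."""
    return {row["host"]: classify(row["build"])
            for row in csv.DictReader(io.StringIO(csv_text))}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```
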

Backup systems are often the last line of defense against cyberattacks. However, if these systems themselves become vulnerable, the consequences can be severe.

The latest vulnerabilities in Veeam Backup & Replication demonstrate how attackers can target backup infrastructure to gain deep access into enterprise networks. By promptly applying security updates and strengthening access controls, organizations can significantly reduce the risk of exploitation.
