Summaryinfo

A vulnerability classified as critical was found in Veeam Backup and Replication up to 12.3.1. This vulnerability affects unknown code. Such manipulation leads to Remote Privilege Escalation. This vulnerability is uniquely identified as CVE-2026-21668. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

Detailsinfo

A vulnerability was found in Veeam Backup and Replication up to 12.3.1 and classified as critical. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a remote privilege escalation vulnerability. Using CWE to declare the problem leads to CWE-862. The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Impacted is confidentiality, integrity, and availability. CVE summarizes:

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.

The advisory is shared for download at veeam.com. This vulnerability is handled as CVE-2026-21668 since 01/02/2026. The exploitation is known to be easy. The attack may be launched remotely. There are neither technical details nor an exploit publicly available.

Upgrading to version 12.3.2 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2026-0709). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Affected

• Veeam Backup & Replication

Productinfo

Type

• Backup Software

Vendor

• Veeam

Name

• Backup and Replication

Version

• 12.3.0
• 12.3.1

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion