CVE-2026-21671 | THREATINT

Description

A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.

PUBLISHED Reserved 2026-01-02 | Published 2026-03-12 | Updated 2026-03-13 | Assigner hackerone

CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Product status

Default status

unaffected

13.0.1 (semver) before 13.0.1

affected

References

www.veeam.com/kb4831

cve.org (CVE-2026-21671)

nvd.nist.gov (CVE-2026-21671)

Download JSON