Home / Vulnerability Intelligence / CVE-2026-21667

CVE-2026-21667 - Vulnerability Analysis

CriticalCVSS: 9.9

Last Updated: March 12, 2026

Backup Server - Remote Code Execution

Published: March 12, 2026Updated: March 12, 2026Remote Exploitable

Overview

Backup Server contains a remote code execution caused by insufficient access control, letting authenticated domain users execute arbitrary code remotely, exploit requires authenticated domain user access.

Severity & Score

Severity: Critical

CVSS Score: 9.9

EPSS Score: 36.6%(Probability of exploitation in next 30 days)

Impact

Authenticated domain users can execute arbitrary code remotely, potentially compromising the backup server.

Mitigation

Update to the latest version of Backup Server.

References

https://www.veeam.com/kb4830

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 12, 2026

🔴 CVE-2026-21667 - Critical (9.9) A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21667/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-21667
Severity: Critical
CVSS Score: 9.9
Type: remote_code_execution
Status: unconfirmed
EPSS: 36.6%
Social Posts: 1

CWE

CWE-284

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

36.6%Probability of exploitation in the next 30 days