LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-21671

CVE-2026-21671 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: March 12, 2026

Veeam Backup & Replication - Remote Code Execution

Published: March 12, 2026Updated: March 12, 2026Remote Exploitable

Overview

Veeam Backup & Replication contains a remote code execution caused by insufficient access control in high availability deployments, letting authenticated Backup Administrator users execute arbitrary code remotely, exploit requires Backup Administrator role.

Severity & Score

Severity: Critical
CVSS Score: 9.1
EPSS Score: 20.7%(Probability of exploitation in next 30 days)

Impact

Authenticated Backup Administrator users can execute arbitrary code remotely, potentially compromising the entire backup system.

Mitigation

Update to the latest version of Veeam Backup & Replication.

References

Social Media Activity(4 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Mar 12, 2026

šŸ”“ CVE-2026-21671 - Critical (9.1) A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-21671/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 12, 2026

šŸ”“ CVE-2026-21671 - Critical (9.1) A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-21671/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 12, 2026

šŸ”“ CVE-2026-21671 - Critical (9.1) A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-21671/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 12, 2026

šŸ”“ CVE-2026-21671 - Critical (9.1) A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-21671/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-21671
Severity
Critical
CVSS Score
9.1
Type
remote_code_execution
Status
unconfirmed
EPSS
20.7%
Social Posts
4

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

20.7%Probability of exploitation in the next 30 days