Home / Vulnerability Intelligence / CVE-2026-21708

CVE-2026-21708 - Vulnerability Analysis

CriticalCVSS: 9.9

Last Updated: March 12, 2026

Backup Viewer - Remote Code Execution

Published: March 12, 2026Updated: March 12, 2026Remote Exploitable

Overview

Backup Viewer contains a remote code execution caused by improper access control, letting a Backup Viewer execute arbitrary code as the postgres user, exploit requires Backup Viewer privileges.

Severity & Score

Severity: Critical

CVSS Score: 9.9

EPSS Score: 53.9%(Probability of exploitation in next 30 days)

Impact

An attacker with Backup Viewer privileges can execute arbitrary code as the postgres user, potentially compromising the entire database system.

Mitigation

Update to the latest version with security patches.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 12, 2026

🔴 CVE-2026-21708 - Critical (9.9) A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21708/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-21708
Severity: Critical
CVSS Score: 9.9
Type: remote_code_execution
Status: unconfirmed
EPSS: 53.9%
Social Posts: 1

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

53.9%Probability of exploitation in the next 30 days