A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

Description

Affected Products

Vendor	Product	Versions
veeam	veeam_backup_\&_replication	< 12.3.2.4465

References

https://www.veeam.com/kb4830(Vendor Advisory)

CVSS 3.19.9 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

12.3.2.4465

CWECWE-284

PublishedMar 12, 2026

Last enriched56d ago

Trending Score0

Source articles0

Independent0

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

NONECVE-2026-32998EXP

CVE-2026-32998: This vulnerability in Veeam Service Provider Console allows for remote code execution.

Trending: 62

NONECVE-2026-32997EXP

CVE-2026-32997: A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-base

Trending: 60

NONECVE-2026-32996

CVE-2026-32996: This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.

Trending: 47

PRE-CVE

Multiple vulnerabilities in Veeam Backup and Recovery Orchestrator products

Trending: 20

MEDIUMCVE-2026-21709

CVE-2026-21709: A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement.

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 12, 2026

Patch Available

Mar 31, 2026

Discovered by ZDM

Apr 1, 2026