Known Vulnerabilities for products from Veeam
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Veeam".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Veeam can be found at device.report : Veeam
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-21672 json | Not Provided | 2026-03-12 | 2026-04-17 | |
| CVE-2026-21671 json | A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in h... | Not Provided | 2026-03-12 | 2026-03-31 |
| CVE-2026-21670 json | A vulnerability allowing a low-privileged user to extract saved SSH credentials. | Not Provided | 2026-03-12 | 2026-03-31 |
| CVE-2026-21669 json | A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. | Not Provided | 2026-03-12 | 2026-03-31 |
| CVE-2026-21668 json | A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repos... | Not Provided | 2026-03-12 | 2026-03-31 |
| CVE-2026-21667 json | A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. | Not Provided | 2026-03-12 | 2026-03-31 |
| CVE-2026-21666 json | A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. | Not Provided | 2026-03-12 | 2026-03-31 |
| CVE-2023-41723 json | A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The c... | 4.3 - MEDIUM | 2023-11-07 | 2023-11-14 |
| CVE-2023-38549 json | A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire th... | 5.4 - MEDIUM | 2023-11-07 | 2023-11-14 |
| CVE-2023-38548 json | A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire th... | 4.3 - MEDIUM | 2023-11-07 | 2023-11-14 |
| CVE-2023-38547 json | A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE use... | 9.8 - CRITICAL | 2023-11-07 | 2023-11-14 |
| CVE-2023-27532 json | Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be... | 7.5 - HIGH | 2023-03-10 | 2023-03-16 |
| CVE-2022-43549 json | Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms. | 9.8 - CRITICAL | 2022-12-05 | 2022-12-07 |
| CVE-2022-32225 json | A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft Syst... | 6.1 - MEDIUM | 2022-07-14 | 2022-07-20 |
| CVE-2022-26504 json | Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center V... | 8.8 - HIGH | 2022-03-17 | 2022-03-24 |
| CVE-2022-26503 json | Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arb... | 7.8 - HIGH | 2022-03-17 | 2022-03-23 |
| CVE-2022-26501 json | Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). | 9.8 - CRITICAL | 2022-03-17 | 2023-08-08 |
| CVE-2022-26500 json | Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users... | 8.8 - HIGH | 2022-03-17 | 2023-02-02 |
| CVE-2021-35971 json | Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization du... | 9.8 - CRITICAL | 2021-06-30 | 2021-07-06 |
| CVE-2020-15518 json | VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which ... | 8.8 - HIGH | 2020-07-03 | 2021-07-21 |
Known software with vulnerabilities from Veeam
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Veeam | Backup And Replication | 5.0.2.230 |
| Application | Veeam | Backup And Replication Active Directory Restore | 5.0.2.224 |
| Application | Veeam | Backup Catalog | 5.0.2.230 |
| Hardware | Veeam | One | - |
| Application | Veeam | One | 9.5.4.4587 |
| Operating System | Veeam | One Firmware | - |
| Application | Veeam | One Reporter | 9.5.0.3201 |
| Application | Veeam | Veeam Availability Suite | 10.0 |
| Application | Veeam | Veeam Backup Amp Replication | 10.0 |