{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21670", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2026-01-02T15:00:02.871Z", "datePublished": "2026-03-12T15:09:39.200Z", "dateUpdated": "2026-03-12T15:34:25.911Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "A vulnerability allowing a low-privileged user to extract saved SSH credentials."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Veeam", "product": "Backup and Replication", "versions": [{"version": "13.0.1", "status": "affected", "lessThan": "13.0.1", "versionType": "semver"}]}], "references": [{"url": "https://www.veeam.com/kb4831"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "baseScore": 7.7, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-03-12T15:09:39.200Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T15:32:35.171553Z", "id": "CVE-2026-21670", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T15:34:25.911Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21670", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-12T15:32:35.171553Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T15:34:20.910Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}}], "affected": [{"vendor": "Veeam", "product": "Backup and Replication", "versions": [{"status": "affected", "version": "13.0.1", "lessThan": "13.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.veeam.com/kb4831"}], "descriptions": [{"lang": "en", "value": "A vulnerability allowing a low-privileged user to extract saved SSH credentials."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-03-12T15:09:39.200Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21670", "state": "PUBLISHED", "dateUpdated": "2026-03-12T15:34:25.911Z", "dateReserved": "2026-01-02T15:00:02.871Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2026-03-12T15:09:39.200Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability allowing a low-privileged user to extract saved SSH credentials."}], "id": "CVE-2026-21670", "lastModified": "2026-03-12T21:07:53.427", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2026-03-12T15:16:13.510", "references": [{"source": "support@hackerone.com", "url": "https://www.veeam.com/kb4831"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[13.0.1,13.0.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Backup and Replication", "source": "cna", "vendor": "Veeam"}, "product": "backup_and_replication", "vendor": "veeam"}], "analysis": {"en": {"generated_at": "2026-03-25T13:46:07.466286+00:00", "value": {"mitigation_remediation": ["Update Veeam Backup and Replication to the latest release or apply the vendor\u2011issued patch that addresses credential storage security.", "If a patch is unavailable, remove the stored SSH credentials from the configuration and re\u2011enter them with a stronger protection method or encrypt them if supported.", "Restrict local user permissions on the backup server to exclude read access to configuration files that contain SSH passwords.", "Audit the system for unnecessary low\u2011privileged accounts and remove them.", "Configure the backup appliance to enforce role\u2011based access controls for all configuration management functions."], "summary": {"action": "Patch Now", "impact": "Credential Access"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Veeam Backup and Replication product line. No specific version information is provided, so any deployed instance of this product is potentially affected.", "description_and_impact": "A low\u2011privileged user can extract SSH credentials that the Veeam Backup and Replication system has stored for connecting to protected hosts. This allows an attacker to obtain sensitive authentication data and potentially use those credentials to gain remote access to the protected environment. The weakness corresponds to information exposure and missing authorization controls.", "risk_and_exploitability": "The CVSS score of 7.7 indicates a high impact if exploited. The EPSS score is below 1\u202f%, suggesting that exploitation is unlikely at this time, but the vulnerability is still serious because it allows credential theft. It is not listed in CISA\u2019s KEV catalog, so no known exploit has been reported. Based on the description, the attack vector is local: an individual with low\u2011privileged access to the backup appliance can read the stored credential files and retrieve the SSH passwords."}}}}, "created": "2026-03-13T09:53:05.891627+00:00", "updated": "2026-03-25T14:44:48.000780+00:00", "vendors": ["veeam", "veeam$PRODUCT$backup_and_replication"]}