{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21671", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2026-01-02T15:00:02.872Z", "datePublished": "2026-03-12T15:09:39.209Z", "dateUpdated": "2026-03-13T03:55:46.681Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Veeam", "product": "Software Appliance", "versions": [{"version": "13.0.1", "status": "affected", "lessThan": "13.0.1", "versionType": "semver"}]}], "references": [{"url": "https://www.veeam.com/kb4831"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-03-12T15:09:39.209Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-21671"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T03:55:46.681Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21671", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T15:27:38.574041Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T15:28:05.309Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}}], "affected": [{"vendor": "Veeam", "product": "Software Appliance", "versions": [{"status": "affected", "version": "13.0.1", "lessThan": "13.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.veeam.com/kb4831"}], "descriptions": [{"lang": "en", "value": "A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-03-12T15:09:39.209Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21671", "state": "PUBLISHED", "dateUpdated": "2026-03-12T15:28:15.976Z", "dateReserved": "2026-01-02T15:00:02.872Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2026-03-12T15:09:39.209Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F7C6B2B-8DFE-4FF7-A990-04BB209D5031", "versionEndIncluding": "13.0.1.1071", "versionStartIncluding": "13.0.0.496", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication."}, {"lang": "es", "value": "Una vulnerabilidad que permite a un usuario autenticado con el rol de Administrador de Copias de Seguridad realizar ejecuci\u00f3n remota de c\u00f3digo (RCE) en implementaciones de alta disponibilidad (HA) de Veeam Backup & Replication."}], "id": "CVE-2026-21671", "lastModified": "2026-03-31T13:17:32.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2026-03-12T15:16:13.630", "references": [{"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://www.veeam.com/kb4831"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[13.0.1,13.0.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Software Appliance", "source": "cna", "vendor": "Veeam"}, "product": "software_appliance", "vendor": "veeam"}], "analysis": {"en": {"generated_at": "2026-03-31T05:51:17.887726+00:00", "value": {"mitigation_remediation": ["Apply the Veeam patch or upgrade to a version that fixes the flaw, as detailed in the official KB article.", "Restrict network access to the Veeam backup appliance by enforcing firewall rules or VPN isolation for Backup Administrator accounts.", "Disable or restrict the HA components if not needed, until a patch is applied.", "Monitor system logs for suspicious activity related to backup administration and RCE attempts.", "Ensure that all Backup Administrator accounts use strong, unique credentials and enable multi\u2011factor authentication if available."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The issue affects Veeam backup appliances running the Veeam Backup & Replication suite used in high\u2011availability deployments. The vendor product listed is Veeam Software Appliance, but no specific version ranges are supplied in the public advisory. Administrators should verify whether their environment includes a HA configuration and refer to the official Veeam knowledge base article for details on affected releases.", "description_and_impact": "A documented flaw in Veeam Backup & Replication's high\u2011availability configuration allows an authenticated user with a Backup Administrator role to trigger remote code execution. The vulnerability is classified as a code injection flaw (CWE\u201194). If exploited, the attacker can run arbitrary commands with the privileges of the backup appliance, potentially compromising the entire backup infrastructure and any protected data it holds. This can lead to full system compromise, data loss, or malicious data exfiltration.", "risk_and_exploitability": "The CVSS score of 9.1 denotes a high severity flaw, but the EPSS score indicates that exploitation is currently considered unlikely (less than 1% probability), and the vulnerability is not yet recorded in the CISA KEV catalog. Attackers would need valid backup\u2011administrator credentials and network access to the HA component. Once authenticated, exploitation can be performed over the network, so protecting administrative accounts and restricting exposure of the backup appliance remains critical."}}}}, "created": "2026-03-13T09:53:05.061649+00:00", "updated": "2026-03-31T20:09:33.322531+00:00", "vendors": ["veeam", "veeam$PRODUCT$software_appliance"]}