CVE-2026-21671

Critical

A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high…

hackerone·CWE-693·Published 2026-03-12

CVSS

9.1

EPSS

0.01

KEV

Exploits

cve.orgen

189 chars

A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.

NVDen

189 chars

A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.

Una vulnerabilidad que permite a un usuario autenticado con el rol de Administrador de Copias de Seguridad realizar ejecución remota de código (RCE) en implementaciones de alta disponibilidad (HA) de Veeam Backup & Replication.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.1	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
3.1	Primary	cve.org	9.1	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
3.1	Secondary	NVD	9.1	2.3	6.0	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H