Warning: Multiple Critical Vulnerabilities in Veeam Backup & Replication, Patch Immediately!

Published : 13/03/2026
  • Last update: 13/03/2026
  • Affected software:
    → Veeam Backup & Replication <= 12.3.2.4165
    → Veeam Backup & Replication <= 13.0.1.1071
  • Type: CWE-284: Improper Access Control
  • CVE/CVSS
    → CVE-2026-21666: CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
    → CVE-2026-21668: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
    → CVE-2026-21669: CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
    → CVE-2026-21670: CVSS 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
    → CVE-2026-21671: CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
    → CVE-2026-21672: CVSS 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
    → CVE-2026-21708: CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

Sources

https://www.veeam.com/kb4830
https://www.veeam.com/kb4831

Risks

The backup server is an essential component of the backup infrastructure, as it serves as its configuration and control center. A vulnerable instance can be compromised and used to take down the configured backup infrastructure, which can lead to operational issues in organizations. Attackers will target these machines to gain leverage over an organization's recovery options. A compromise can lead to a high impact on the confidentiality, integrity and availability of the machine.

Description

CVE-2026-21666 is a vulnerability in the backup server where an authenticated domain user can perform remote code execution (RCE).

CVE-2026-21668 is a vulnerability where an authenticated domain user can bypass restrictions and manipulate arbitrary files on the Backup Repository.

CVE-2026-21669 is a vulnerability in the backup server where an authenticated domain user can perform remote code execution (RCE).

CVE-2026-21670 is a vulnerability where a low-privileged user can extract saved SSH credentials.

CVE-2026-21671 is a vulnerability where an authenticated user with the Backup Administrator role can perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.

CVE-2026-21672 is a local privilege escalation vulnerability in Windows-based Veeam Backup & Replication servers.

CVE-2026-21708 is a vulnerability where a user using Backup Viewer can achieve remote code execution as the postgres user.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
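To prioritise patching, an organisation first has to know which of its Veeam Backup & Replication servers fall inside the affected ranges listed above (<= 12.3.2.4165 on the 12.x branch, <= 13.0.1.1071 on the 13.x branch). The script below is an added example, not CCB or Veeam tooling: it compares installed build numbers against those two ceilings branch by branch, and groups a constructed sample inventory (the host names and builds are made up) so that affected servers can be scheduled first. Major versions the advisory does not list are reported as "not_listed" rather than assumed safe.

```python
"""Triage Veeam Backup & Replication builds against the ranges in this advisory.

Added example, not CCB or Veeam tooling. Host names and builds in
SAMPLE_INVENTORY are constructed sample data.
"""
from __future__ import annotations

# Highest affected build per major version, taken from the advisory's
# "Affected software" list.
AFFECTED_MAX: dict[int, tuple[int, int, int, int]] = {
    12: (12, 3, 2, 4165),
    13: (13, 0, 1, 1071),
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '12.3.2.4165' into (12, 3, 2, 4165); raise on malformed input."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {text!r}")
    return tuple(int(p) for p in parts)


def normalise(v: tuple[int, ...]) -> tuple[int, ...]:
    """Pad or trim to exactly four components so tuple comparison is well defined.

    '12.3' becomes (12, 3, 0, 0); a fifth component, if ever present, is ignored.
    """
    return (v + (0, 0, 0, 0))[:4]


def classify(version: str) -> str:
    """Return 'affected', 'not_affected' or 'not_listed' for one build string.

    The comparison is per major branch: 13.0.0.x is affected even though it is
    numerically below 12.3.2.4165 on the other branch, because 13.x has its own
    ceiling.
    """
    v = normalise(parse_version(version))
    ceiling = AFFECTED_MAX.get(v[0])
    if ceiling is None:
        # Major versions the advisory does not mention: verify manually rather
        # than treating them as patched.
        return "not_listed"
    return "affected" if v <= ceiling else "not_affected"


# Constructed sample inventory (host -> installed build). Not real hosts.
SAMPLE_INVENTORY: dict[str, str] = {
    "vbr-prod-01": "12.3.2.4165",   # exactly at the 12.x ceiling: affected
    "vbr-prod-02": "12.3.2.4100",   # below the ceiling: affected
    "vbr-dr-01": "13.0.1.1071",     # exactly at the 13.x ceiling: affected
    "vbr-lab-01": "13.0.1.1200",    # above the ceiling: not affected
    "vbr-legacy": "11.0.0.1",       # branch not in the advisory: not listed
    "vbr-broken": "unknown",        # bad inventory data: reported separately
}


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by classification so affected servers can be patched first."""
    groups: dict[str, list[str]] = {
        "affected": [], "not_affected": [], "not_listed": [], "invalid": [],
    }
    for host, build in inventory.items():
        try:
            groups[classify(build)].append(host)
        except ValueError:
            groups["invalid"].append(host)
    return groups


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:13s} {', '.join(hosts) or '-'}")
```

Feed `triage()` a mapping built from your own CMDB or inventory export; anything landing in "invalid" or "not_listed" needs a manual look before it is considered out of scope.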

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-21666
https://nvd.nist.gov/vuln/detail/CVE-2026-21668
https://nvd.nist.gov/vuln/detail/CVE-2026-21669
https://nvd.nist.gov/vuln/detail/CVE-2026-21670
https://nvd.nist.gov/vuln/detail/CVE-2026-21671
https://nvd.nist.gov/vuln/detail/CVE-2026-21672
https://nvd.nist.gov/vuln/detail/CVE-2026-21708