Critical RCE Vulnerabilities Plague Veeam Backup & Replication: Patch Now!
**Veeam** has issued urgent security updates to address multiple critical vulnerabilities in its Backup & Replication software. Successful exploitation could lead to remote code execution (RCE) and other severe consequences. IT security professionals are strongly advised to apply the patches immediately.

**Veeam** has released crucial security patches to remediate several critical vulnerabilities affecting its Backup & Replication software. These flaws, if exploited, could allow attackers to execute arbitrary code remotely and compromise sensitive data.
### Vulnerability Details
The vulnerabilities addressed by this update include:
* **CVE-2026-21666** (CVSS score: 9.9) - Remote Code Execution (RCE) vulnerability exploitable by an authenticated domain user on the Backup Server.
* **CVE-2026-21667** (CVSS score: 9.9) - Another RCE vulnerability, also exploitable by an authenticated domain user on the Backup Server.
* **CVE-2026-21668** (CVSS score: 8.8) - Allows authenticated domain users to bypass restrictions and manipulate arbitrary files on a Backup Repository.
* **CVE-2026-21672** (CVSS score: 8.8) - Local privilege escalation on Windows-based **Veeam** Backup & Replication servers.
* **CVE-2026-21708** (CVSS score: 9.9) - Enables a Backup Viewer to perform remote code execution as the postgres user.

These vulnerabilities affect **Veeam** Backup & Replication 12.3.2.4165 and all earlier version 12 builds. The issues have been resolved in version 12.3.2.4465.

Additionally, **CVE-2026-21672** and **CVE-2026-21708** have been fixed in Backup & Replication 13.0.1.2067, which also addresses the following critical flaws:
* **CVE-2026-21669** (CVSS score: 9.9) - Yet another RCE vulnerability that can be exploited by an authenticated domain user on the Backup Server.
* **CVE-2026-21671** (CVSS score: 9.1) - Allows an authenticated user with the Backup Administrator role to perform remote code execution in high availability (HA) deployments of **Veeam** Backup & Replication.
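
To check an inventory of backup servers against the fixed builds listed above, the following added example (not Veeam's code or tooling) maps each build string to the CVEs it is still exposed to. The hostnames and sample builds are constructed. It assumes that any build below its branch's fixed build is unpatched, and it reports branches the article does not cover as unknown.

```python
# Added example: fixed builds and CVE lists come from the article text above.
FIXED = {
    12: ((12, 3, 2, 4465), ["CVE-2026-21666", "CVE-2026-21667", "CVE-2026-21668",
                            "CVE-2026-21672", "CVE-2026-21708"]),
    13: ((13, 0, 1, 2067), ["CVE-2026-21669", "CVE-2026-21671",
                            "CVE-2026-21672", "CVE-2026-21708"]),
}

def parse_build(text):
    """Parse 'a.b.c.d' into a tuple of four ints; raise ValueError otherwise."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(p) for p in parts)

def triage(build_text):
    """Return (status, cves): status is 'patched', 'unpatched' or 'unknown'."""
    try:
        build = parse_build(build_text)
    except ValueError:
        return "unknown", []          # malformed or truncated build string
    entry = FIXED.get(build[0])
    if entry is None:
        return "unknown", []          # major version not covered by the article
    fixed_build, cves = entry
    # Tuples compare numerically per field, so 12.3.10.x sorts above 12.3.2.x
    # (a plain string comparison would get this wrong).
    # Assumption: every build below the branch's fixed build is unpatched.
    if build < fixed_build:
        return "unpatched", list(cves)
    return "patched", []

def report(inventory):
    """Triage a {hostname: build_string} mapping."""
    return {host: triage(build) for host, build in inventory.items()}

# Constructed sample inventory (hostnames and some builds are invented).
SAMPLE = {
    "vbr-01": "12.3.2.4165",   # last affected v12 build named in the article
    "vbr-02": "12.3.2.4465",   # fixed v12 build
    "vbr-03": "13.0.1.2066",   # constructed: one below the fixed v13 build
    "vbr-04": "13.0.1.2067",   # fixed v13 build
    "vbr-05": "11.0.0.0",      # constructed: branch not covered by the article
    "vbr-06": "12.3.2",        # constructed: truncated build string
}

if __name__ == "__main__":
    for host, (status, cves) in report(SAMPLE).items():
        print(f"{host}: {status} {', '.join(cves)}")
```

Hosts reported as unknown need a manual check against the vendor advisory rather than being counted as safe.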
### Immediate Action Required
**Veeam** strongly advises users to update their installations to the latest versions immediately. The company explicitly warned that threat actors are likely to reverse-engineer the patches to exploit unpatched systems.

Given the history of **Veeam** software vulnerabilities being exploited by ransomware groups, prompt patching is crucial to mitigate potential threats and prevent data breaches.