CVE-2026-21667
Published: 12 March 2026
Description
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
Mitigating Controls (NIST 800-53 r5)AI
Flaw remediation requires timely patching of the Veeam Backup Server vulnerability, directly preventing RCE exploitation by authenticated domain users.
Access enforcement directly addresses the improper access control (CWE-284) flaw enabling low-privilege users to achieve RCE on the backup server.
Least privilege limits the access of authenticated domain users to the backup server, reducing the attack surface for this RCE vulnerability.
Security SummaryAI
CVE-2026-21667 is a critical vulnerability in the Veeam Backup Server that enables an authenticated domain user to execute remote code (RCE). Classified under CWE-284 (Improper Access Control), it carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its network accessibility, low complexity, and potential for complete confidentiality, integrity, and availability compromise with a changed scope.
An attacker with low-privilege access as an authenticated domain user can exploit this vulnerability remotely without user interaction. Successful exploitation grants arbitrary code execution on the Backup Server, potentially allowing full system compromise, data exfiltration, or lateral movement within the environment.
Veeam has published mitigation guidance in knowledge base article KB4830, available at https://www.veeam.com/kb4830. Security practitioners should consult this advisory for patching instructions and workarounds to address the vulnerability.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE enables remote code execution on Veeam Backup Server via improper access control for authenticated low-privilege domain users, directly facilitating Exploitation of Remote Services (T1210) and Exploitation for Privilege Escalation (T1068).