PT-2026-25006 · Veeam · Backup/Recovery+1

Publicado

2026-03-12

·

Atualizado

2026-05-10

·

CVE-2026-21708

CVSS v3.1

9.9

Crítica

VetorAV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions Veeam Backup and Recovery (affected versions not specified)
Description A flaw exists that allows a Backup Viewer to execute code remotely as the postgres user. This issue has a CVSS score of 10.0 and is considered critical. The vulnerability could allow for remote code execution, potentially impacting backup infrastructure. No information is available regarding the number of affected devices or real-world incidents. The vulnerability affects the functionality related to Backup Viewers and their interaction with the postgres user account.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-21708

Produtos afetados

Backup/Recovery
Backup/Replication