PT-2026-25006 · Veeam · Backup/Recovery+1
Publicado
2026-03-12
·
Atualizado
2026-05-10
·
CVE-2026-21708
CVSS v3.1
9.9
Crítica
| Vetor | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Veeam Backup and Recovery (affected versions not specified)
Description
A flaw exists that allows a Backup Viewer to execute code remotely as the
postgres user. This issue has a CVSS score of 10.0 and is considered critical. The vulnerability could allow for remote code execution, potentially impacting backup infrastructure. No information is available regarding the number of affected devices or real-world incidents. The vulnerability affects the functionality related to Backup Viewers and their interaction with the postgres user account.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Backup/Recovery
Backup/Replication