Vulnerabilities in Veeam
74 resultsCVE-2026-21671CRITICALA vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availabilitEPSS 1.3%CVE-2024-42024CRITICALA vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution onEPSS 1.3%CVE-2024-39714CRITICALA code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution EPSS 1.2%CVE-2026-21669CRITICALA vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.EPSS 1.2%CVE-2025-59468CRITICALThis vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a
malicious passworEPSS 1.1%CVE-2026-21666CRITICALA vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.EPSS 1.1%CVE-2026-21667CRITICALA vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.EPSS 1.1%CVE-2024-40710HIGHA series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extractiEPSS 1.1%CVE-2026-21708CRITICALA vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.EPSS 1.1%CVE-2025-48984HIGHA vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.EPSS 0.9%CVE-2024-29851HIGHVeeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.EPSS 0.9%CVE-2024-39715HIGHA code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPCEPSS 0.9%CVE-2024-38651HIGHA code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code executiEPSS 0.9%CVE-2024-38650CRITICALAn authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.EPSS 0.9%CVE-2024-39718HIGHAn improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalEPSS 0.8%CVE-2024-29850HIGHVeeam Backup Enterprise Manager allows account takeover via NTLM relay.EPSS 0.8%CVE-2025-55125HIGHThis vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious
backup configuraEPSS 0.8%CVE-2025-48983CRITICALA vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructurEPSS 0.8%CVE-2024-40717HIGHA vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updaEPSS 0.7%CVE-2024-22022HIGHVulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash EPSS 0.7%