Administrators overseeing Veeam Backup & Replication are urged to act swiftly in updating their applications due to critical security vulnerabilities affecting both Veeam Agent for Microsoft Windows and Veeam Software Appliance on Linux servers. Failure to address these issues could leave systems open to potential attacks.
Two Dangers
The developers have issued a warning highlighting two significant vulnerabilities. The first, identified as CVE-2026-32996, poses a high risk to the Veeam Agent for Microsoft. If exploited, this vulnerability could enable attackers to gain elevated user privileges locally through an unspecified method.
The second vulnerability, CVE-2026-32997, also classified as high, affects the Veeam Software Appliance on Linux servers. In this case, attackers would need to be logged in as backup administrators to drop malicious, code-infected files onto the servers, making the attack somewhat more complex.
All versions of Veeam Backup & Replication up to and including 13.0.1.2067 are reportedly vulnerable. However, the developers have assured users that these vulnerabilities have been addressed in the latest release, version 13.0.2.29. Notably, the warning did not indicate any current exploitation of these vulnerabilities by attackers.
URL of this article:
https://www.heise.de/-11310339
Links in this article:
-
<li class="footnotesitem”>
Veeam Knowledge Base
<li class="footnotesitem”>
<a href="https://pro.heise.de/security/?LPID=39555HS1L0001274169990&wtmc=disp.fd.security-pro.securitypro24.disp.disp.disp”>Heise Security News
<li class="footnotesitem”>
Contact Heise
<li class="footnotesitem”>
Heise on Facebook
<li class="footnotesitem”>
Heise on LinkedIn
<li class="footnotesitem”>
Heise on Twitter
<li class="footnotesitem”>
Full Security Update Article
Copyright © 2026 Heise Medien
