CVE-2026-21708

CRITICAL 9.9

CVSS Score

9.9

EPSS Score

0.9%

EPSS Percentile

76th

A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.

CWE	CWE-89
Vendor	veeam
Product	backup and replication
Published	Mar 12, 2026
Last Updated	May 10, 2026

Stay Ahead of the Next One

Get instant alerts for veeam backup and replication

Be the first to know when new critical vulnerabilities affecting veeam backup and replication are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Veeam / Backup and Replication

12 < 12.3.2 13 < 13.0.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

veeam.com: https://www.veeam.com/kb4831 veeam.com: https://www.veeam.com/kb4830