Threat Intelligence / CVE / CVE-2026-21671

CVE-2026-21671

CVSS 9.1 (CRITICAL) · EPSS 0.3% · Published 2026-03-12

A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-94

Threats tracking this CVE

Veeam Backup & Replication 8 Critical Vulnerabilities — Domain User to Backup Server RCE (CVE-2026-21666, CVE-2026-21667, CVE-2026-21669, CVE-2026-21708) — CRITICAL

References

https://www.veeam.com/kb4831

Full detection coverage & IOCs for threats exploiting CVE-2026-21671 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence