Threat Intelligence / CVE / CVE-2026-21708

CVE-2026-21708

CVSS 9.9 (CRITICAL) · EPSS 1.1% · Published 2026-03-12

A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Threats tracking this CVE

Veeam Backup & Replication 8 Critical Vulnerabilities — Domain User to Backup Server RCE (CVE-2026-21666, CVE-2026-21667, CVE-2026-21669, CVE-2026-21708) — CRITICAL

References

Full detection coverage & IOCs for threats exploiting CVE-2026-21708 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence