PatchSiren cyber security CVE debrief
CVE-2026-21668 Veeam CVE debrief
CVE-2026-21668 is a high-severity issue in Veeam Backup & Replication where an authenticated domain user may bypass restrictions and manipulate arbitrary files on a Backup Repository. NVD lists affected versions from 12.0.0.1402 through 12.3.2.4465. The vendor advisory referenced by NVD is available at Veeam KB4830.
- Vendor: Veeam
- Product: CVE-2026-21668
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-12
- Original CVE updated: 2026-05-10
- Advisory published: 2026-03-12
- Advisory updated: 2026-05-10
Who should care
Organizations running Veeam Backup & Replication, especially teams responsible for backup infrastructure, repository access control, and backup integrity. Security and IT administrators should treat any environment with authenticated domain users and affected versions as in scope.
Technical summary
NVD describes the issue as a restriction-bypass flaw that allows an authenticated domain user to manipulate arbitrary files on a Backup Repository. The published CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network reachability, low attack complexity, low privileges required, no user interaction, and high impact to confidentiality, integrity, and availability. NVD maps the weakness to CWE-862 (Missing Authorization), with a secondary CWE-693 (Protection Mechanism Failure).
Defensive priority
High. The combination of authenticated access, repository file manipulation, and high impact to backup infrastructure makes this a priority remediation item for backup administrators.
Recommended defensive actions
- Review the Veeam advisory at https://www.veeam.com/kb4830 for vendor guidance and remediation steps.
- Identify whether any installed Veeam Backup & Replication instances fall within the affected version range reported by NVD: 12.0.0.1402 through 12.3.2.4465.
- Apply the vendor-recommended update or mitigation as soon as practical on affected systems.
- Audit domain-user access to backup infrastructure and repository locations, and remove any unnecessary permissions.
- Verify backup repository integrity after remediation and review for unexpected file changes or access patterns.
- Monitor authentication and administrative activity related to backup repositories for unusual manipulation attempts.
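One way to carry out the version-range step above across an inventory, as an added example (not code from Veeam, NVD or this page's author). The hostnames and build strings are constructed, and the range bounds are treated as inclusive because the page says "from ... through".

```python
import re

# Bounds of the affected range as quoted on this page (NVD metadata).
AFFECTED_FIRST = (12, 0, 0, 1402)
AFFECTED_LAST = (12, 3, 2, 4465)   # assumption: inclusive upper bound

_BUILD_RE = re.compile(r"\d+(?:\.\d+){3}")


def parse_build(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if it is not a full build."""
    text = text.strip()
    if not _BUILD_RE.fullmatch(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(build_text):
    """Classify a build string as 'in-range', 'outside-range' or 'unknown'."""
    build = parse_build(build_text)
    if build is None:
        # Truncated or malformed strings go to manual review, never "safe".
        return "unknown"
    # Tuples compare numerically per component, so 12.10.x sorts after 12.3.x;
    # a plain string comparison would wrongly place it inside the range.
    if AFFECTED_FIRST <= build <= AFFECTED_LAST:
        return "in-range"
    return "outside-range"


def triage(inventory):
    """Map host -> classification for an iterable of (host, build_text) pairs."""
    return {host: classify(build) for host, build in inventory}


# Constructed inventory for illustration only; not real hosts or scan output.
SAMPLE_INVENTORY = [
    ("vbr-01.example.internal", "12.0.0.1402"),   # lower bound itself
    ("vbr-02.example.internal", "12.3.2.4465"),   # upper bound itself
    ("vbr-03.example.internal", "12.3.2.4466"),   # one build past the range
    ("vbr-04.example.internal", "11.0.1.1261"),   # below the range
    ("vbr-05.example.internal", "12.1.2"),        # truncated build string
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

"outside-range" only means the build is outside the range NVD lists; confirm remediation status against the vendor advisory.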
Evidence notes
This debrief is based only on the supplied NVD record and the linked Veeam advisory reference. Timing context uses the CVE published date of 2026-03-12 and modified date of 2026-05-10. Affected versions and CVSS details are taken from the NVD metadata included in the source corpus.
Official resources
- CVE-2026-21668 CVE record (CVE.org)
- CVE-2026-21668 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
CVE published 2026-03-12 and modified 2026-05-10. No KEV entry was provided in the source corpus.