Threat Advisory

Veeam Service Provider Console Vulnerability Allows RCE

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in Veeam's Service Provider Console, Veeam Agent for Microsoft Windows, and Veeam Software Appliance. The flaws span remote code execution, local privilege escalation, and arbitrary file write. Exploitation could allow attackers to run malicious code on the management console, elevate low‑privilege users to full administrative control on Windows hosts, or modify critical system files on Linux‑based backup appliances. Such breaches jeopardize data integrity, confidentiality, and service availability, potentially leading to unauthorized data exposure, operational disruption, and regulatory compliance violations for organizations relying on Veeam for backup and disaster recovery.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in Veeam's Service Provider Console, Veeam Agent for Microsoft Windows, and Veeam Software Appliance. The flaws span remote code execution, local privilege escalation, and arbitrary file write. Exploitation could allow attackers to run malicious code on the management console, elevate low‑privilege users to full administrative control on Windows hosts, or modify critical system files on Linux‑based backup appliances. Such breaches jeopardize data integrity, confidentiality, and service availability, potentially leading to unauthorized data exposure, operational disruption, and regulatory compliance violations for organizations relying on Veeam for backup and disaster recovery.[emaillocker id="1283"]

  • CVE-2026-32998 – An unsafe script execution parameter in the Service Provider Console’s automated alert system enables remote attackers to inject and execute arbitrary code; exploitation requires network access to the console interface.
  • CVE-2026-32996 – A local privilege escalation flaw in Veeam Agent for Microsoft Windows permits a low‑privilege user to gain administrative rights on the host; the attacker must already have a foothold on the system.
  • CVE-2026-32997 – An arbitrary file write vulnerability in the Veeam Software Appliance allows an authenticated backup administrator to alter system files; exploitation requires valid administrator credentials.

The combined risk is high, with the potential for full compromise of backup infrastructure and loss of critical data. Immediate attention is required to prevent attackers from leveraging these weaknesses to disrupt services, breach data confidentiality, and incur significant financial and reputational damage.

RECOMMENDATION:

  • We recommend you to update Veeam Service Provider Console to version 9.2.1.33875.
  • We recommend you to update Veeam Software Appliance to version 13.0.2.

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/veeam-security-vulnerabilities-patches/

[/emaillocker]
crossmenu