Veeam has released urgent software updates to fix several security vulnerabilities in its popular backup and management tools. The flaws allow remote code execution, local privilege escalation, and arbitrary file writes, exposing enterprise backup environments to unauthorized control. Administrators must apply the latest patches immediately to secure their backup infrastructure and data.
Critical RCE in Service Provider Console
Technical Mechanics
The most severe bug affects the Veeam Service Provider Console. Tracked as CVE-2026-32998, this critical vulnerability carries a CVSS score of 9.4. A researcher named “putsi” discovered the flaw through the HackerOne bug bounty program. The issue involves unsafe script execution parameters within the platform’s automated alert system.
Mitigations and Fixes
The software vendor resolved this vulnerability in version 9.2.1.33875. As an immediate workaround, administrators can review the AlarmManagement_ScriptExecution Enabled value inside their local configuration JSON file. Changing this setting to false completely disables the vulnerable script path, so the system remains protected until the full update is deployed.
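An added example, not code from Veeam or from the original article: a Python audit that combines the two checks described above, the fixed version and the workaround flag. The JSON layout, the sample config and the build number 9.2.0.100 are constructed assumptions; the flag name is taken as printed above and matched loosely because the real file's key spelling and nesting are not given on this page.

```python
import json
import re

FIXED_BUILD = (9, 2, 1, 33875)  # fixed version named in the article
FLAG = "AlarmManagement_ScriptExecution Enabled"  # spelled as the article prints it

def _norm(name):
    # Ignore case, spaces and punctuation: the file's exact key spelling is not on the page.
    return re.sub(r"[^a-z0-9]", "", name.lower())

def is_patched(build):
    # Compare numerically, so that 9.10.x sorts after 9.2.x.
    return tuple(int(p) for p in build.strip().split(".")) >= FIXED_BUILD

def is_disabled(value):
    # Only an explicit false counts as mitigated; anything else is treated as enabled.
    if isinstance(value, bool):
        return value is False
    return isinstance(value, str) and value.strip().lower() == "false"

def find_flag(node, trail="", shown="$"):
    """Yield (path, value) for the flag, whether stored as one flat key or nested."""
    if isinstance(node, dict):
        for key, value in node.items():
            t, s = trail + _norm(key), f"{shown}.{key}"
            if t.endswith(_norm(FLAG)) and not isinstance(value, (dict, list)):
                yield s, value
            yield from find_flag(value, t, s)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_flag(item, trail, f"{shown}[{i}]")

def assess(config_text, build):
    """Return (status, findings); status is patched, mitigated, exposed or unknown."""
    if is_patched(build):
        return "patched", []
    # Config files written on Windows often start with a UTF-8 BOM, which json rejects.
    hits = list(find_flag(json.loads(config_text.lstrip("\ufeff"))))
    if not hits:
        return "unknown", []  # flag absent: do not assume the script path is off
    enabled = [hit for hit in hits if not is_disabled(hit[1])]
    return ("exposed", enabled) if enabled else ("mitigated", hits)

# Constructed sample: layout and build number are assumptions, not a real Veeam file.
SAMPLE = '\ufeff{"Logging": {"Level": "Info"}, "AlarmManagement": {"ScriptExecution": {"Enabled": true}}}'

if __name__ == "__main__":
    print(assess(SAMPLE, "9.2.0.100"))
```

A result of "unknown" means the flag was not found in the file, which is reported separately so that a missing key is never read as a disabled script path.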
High-Severity Agent and Appliance Flaws
Windows Agent Privilege Escalation
The update also addresses dangerous bugs in the endpoint backup tools. CVE-2026-32996 is a local privilege escalation flaw in Veeam Agent for Microsoft Windows, reported by a researcher named “Alibabas”. With this high-severity vulnerability, a local attacker with low permissions can abuse the agent to gain administrative control over the host.
Linux Software Appliance Vulnerability
Finally, developers patched an arbitrary file write flaw tracked as CVE-2026-32997. This bug impacts Linux-based backup servers running the Veeam Software Appliance. An authenticated backup administrator can exploit this vulnerability to modify system files. Applying version 13.0.2 resolves these secondary vulnerabilities. Organizations should apply these upgrades promptly.