Security update: Veeam Backup & Replication on Linux and Windows vulnerable
Vulnerabilities endanger Veeam Agent for Microsoft Windows and Veeam Software Appliance on Linux servers.
(Image: Alfa Photo/Shutterstock.com)
Admins managing the backup solution Veeam Backup & Replication should update the application promptly for security reasons. Otherwise, attackers can attack Linux and Windows systems.
Two dangers
In a warning message, the developers state that a security vulnerability (CVE-2026-32996 "high") threatens Veeam Agent for Microsoft. Successful exploitation allows attackers to gain higher user privileges locally through an unspecified method.
The second vulnerability (CVE-2026-32997 "high") affects Veeam Software Appliance on Linux servers. Here, attackers can drop malicious code-infected files on servers. However, they must be logged in as a backup administrator to do so. An attack is therefore not straightforward.
Videos by heise
All versions up to and including Veeam Backup & Replication 13.0.1.2067 are said to be affected. The developers assure that the vulnerabilities have been closed in version 13.0.2.29. The warning message contains no indications that attackers are already exploiting the vulnerabilities.
(des)
