On March 12, 2026, Veeam released fixes for multiple high and critical severity vulnerabilities in their Backup & Replication product that could allow remote code execution (RCE), privilege escalation, and credential theft.

ArcticWolf's platform is a central hub for cybersecurity professionals, offering insights into managed detection and response (MDR), threat intelligence, and security operations. Through articles, reports, and webinars, ArcticWolf offers insights into detecting and responding to cybersecurity threats effectively. Security analysts can learn about threat hunting, incident response strategies, and security best practices to protect organizations from cyberattacks.

Arctic Wolf

On March 12, 2026, Veeam released patches for five high and critical severity vulnerabilities in Veeam Backup & Replication. The flaws include two critical RCE vulnerabilities (CVE-2026-21669, CVSS 9.9 and CVE-2026-21708, CVSS 9.9), one critical RCE in HA deployments (CVE-2026-21671, CVSS 9.1), SSH credential extraction (CVE-2026-21670, CVSS 7.7), and local privilege escalation on Windows (CVE-2026-21672, CVSS 8.8). No public exploits or active exploitation have been observed yet, but Veeam products have historically been targeted by ransomware groups like Akira and Fog. Organizations are strongly advised to upgrade to version 13.0.1.2067 or later.

Multiple Authenticated High and Critical Vulnerabilities in Veeam Backup & Replication