On 12 March 2026, Veeam released fixes for multiple high and critical severity vulnerabilities in their Backup & Replication product that could allow remote code execution (RCE), privilege escalation, and credential theft.
| Vulnerability | CVSS | Description |
| CVE-2026-21669 | Critical (9.9) | Allows an authenticated threat actor with domain user access to perform RCE on the Backup Server. |
| ...
