{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21668", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2026-01-02T15:00:02.871Z", "datePublished": "2026-03-12T15:09:39.335Z", "dateUpdated": "2026-03-13T03:55:45.308Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Veeam", "product": "Backup and Replication", "versions": [{"version": "12.3.2", "status": "affected", "lessThan": "12.3.2", "versionType": "semver"}]}], "references": [{"url": "https://www.veeam.com/kb4830"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-03-12T15:09:39.335Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-21668"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T03:55:45.308Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21668", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T15:21:33.818023Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T15:25:42.569Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Veeam", "product": "Backup and Replication", "versions": [{"status": "affected", "version": "12.3.2", "lessThan": "12.3.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.veeam.com/kb4830"}], "descriptions": [{"lang": "en", "value": "A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-03-12T15:09:39.335Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21668", "state": "PUBLISHED", "dateUpdated": "2026-03-13T03:55:45.308Z", "dateReserved": "2026-01-02T15:00:02.871Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2026-03-12T15:09:39.335Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository."}], "id": "CVE-2026-21668", "lastModified": "2026-03-12T21:07:53.427", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2026-03-12T15:16:13.260", "references": [{"source": "support@hackerone.com", "url": "https://www.veeam.com/kb4830"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "12.3.2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Backup and Replication", "source": "cna", "vendor": "Veeam"}, "product": "backup_and_replication", "vendor": "veeam"}], "analysis": {"en": {"generated_at": "2026-03-23T13:56:25.887905+00:00", "value": {"mitigation_remediation": ["Apply the latest Veeam Backup and Replication patch or upgrade to a corrected version (see Veeam KB4830).", "Restrict repository permissions so that only necessary domain accounts have write access.", "Disable unused domain user accounts from having backup repository permissions.", "Verify backup integrity after applying the patch.", "Monitor repository file changes for unusual activity."], "summary": {"action": "Patch Immediately", "impact": "Unauthorized File Manipulation on Backup Repository"}, "threat_synthesis": {"affected_systems": "The flaw impacts Veeam Backup and Replication installations where backup repositories are deployed. No specific release numbers are listed, so all supported versions that expose repository access should be considered at risk until a vendor patch is applied.", "description_and_impact": "An authorization flaw allows an authenticated domain user to bypass file\u2011level restrictions on a Veeam Backup and Replication repository, enabling arbitrary modification of backup files. This leads to data integrity compromise and potential data loss or leakage. The weakness is a missing privilege check (CWE\u2011284) combined with incorrect file permissions (CWE\u2011732).", "risk_and_exploitability": "The CVSS score of 8.8 denotes high severity, and the low EPSS score (<1%) indicates that an exploit is unlikely to be widely used in the wild. The vulnerability is not in the CISA KEV catalog. The likely attack vector is an authenticated domain user with write access to the repository; exploitation requires such a legitimate account. If an attacker gains this account, they can alter, delete, or corrupt backups, potentially leading to data loss or inability to restore services."}}}}, "created": "2026-03-13T09:53:03.150000+00:00", "updated": "2026-03-24T10:39:52.747909+00:00", "vendors": ["veeam", "veeam$PRODUCT$backup_and_replication"]}