RCE in Veeam Backup And Replication

CVE-2026-21709

A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.000 (1.5th percentile) — read the EPSS interpretation.

Affected products

Veeam Backup And Replication — versions 12
Veeam Software Appliance — versions 13

Weakness classification (CWE)

CWE-77 — Command Injection

References