Path Traversal in Veeam Backup And Replication

CVE-2026-32997

A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server.

EPSS: 0.001 (16.7th percentile) — read the EPSS interpretation.

Affected products

Veeam Backup And Replication — versions 13

Weakness classification (CWE)

CWE-36 — Absolute Path Traversal

References

support@hackerone.com