Veeam has reported several vulnerabilities in its products that can enable remote attackers to execute arbitrary code. The flaws affect Veeam ONE versions older than 13.0.2.6723 and Service Provider Console releases before 9.2.1.33875 and before 9.2.0.33215. An unspecified security issue also exists. The vulnerabilities are identified under CVE‑2026‑32998. Users of affected versions are advised to apply patches from Veeam’s security bulletins KB4853, KB4856 and KB4858. The vendor’s updates address the risk of code execution and the unspecified issue. Administrators should review the bulletins and update their systems promptly to mitigate the threat. These vulnerabilities were disclosed in a security bulletin released on 27 May 2026. The bulletin lists mitigation steps and recommends upgrading to the latest software versions. The CERT‑FR has issued this advisory to alert users.
Summary of content from
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.