Skip to content
Search
Get A Demo
Try For Free
    Get A Demo
    Try For Free
      March 14, 2022

      Vulnerabilities (CVE-2022-26500, 2022-26501) in Veeam

      What Happened?

      Two critical vulnerabilities (CVE-2022-26500 and CVE-2022-26501) were discovered in Veeam Backup and Replication that allow potential adversaries to remotely execute code without authentication. 

      Another vulnerability, CVE-2022-26503, was discovered in Veeam Agent for Microsoft Windows that allows for local privilege escalation (LPE).

      Positive Technologies, a cybersecurity company based in South Korea, uncovered all three flaws.

      How Bad is This?

      Both remote code execution (RCE) vulnerabilities (CVE-2022-26500 and CVE-2022-26501) were issued a 9.8 rating on the CVSS scale; in other words, critical severity. RCE is one of the most dangerous types of flaws. Combined with the fact that no authentication is needed makes this a ripe attack vector for ransomware groups and other cybercriminals.

      The LPE flaw found in Veeam Agent for Microsoft Windows is less critical with 7.8 CVSS rating, but it is still considered high severity.

      Veeam Backup and Replication is a recovery solution for cloud, physical and virtual workloads. Veeam is common within SMB and MSP environments, and has high confidentiality access by design. 

      The good news is that no exploits are publicly available yet, according to a Kevin Beaumont (@GossiTheDog) tweet. However, it’s likely a matter of time until exploits are released.

      What Should I Do?

      Fortunately, there are patches available that resolve the issues; immediately patch to mitigate your risk.

      If you’re unable to patch, Veeam has offered instructions on how to temporarily mitigate the risk: 

      “Stop and disable the Veeam Distribution Service. The Veeam Distribution Service is installed on the Veeam Backup & Replication server and servers specified as distribution servers in Protection Groups.”

      Try Blumira For Free

      Blumira’s cloud SIEM detects and alerts you about suspicious behavior in your environment so that you can stop an incident early enough to prevent damage. Each finding we send is accompanied with a security playbook, giving you clear recommendations on how to remediate an attack. Our support team of security analysts is always available to answer questions on how to interpret a finding, or for other security help. 

      Blumira’s free trial is easy to deploy; IT and security teams can start seeing immediate security value for their organizations.

      Tag(s): Security Alerts , Blog , CVE

      Mike Toole

      Mike Toole, Head of Security and IT at Blumira, has over a decade of experience in IT. Prior to joining Blumira, he managed IT for Duo Security and Censys. He has broad experience with a range of IT and security focus areas, including compliance, network design, log monitoring, project management, and cross-platform...

      More from the blog

      View All Posts
      Critical Microsoft SharePoint Server vulnerability
      Security Trends and Info
      9 min read | July 24, 2025

      Critical Microsoft SharePoint Server vulnerability allows unauthorized code execution

      Read More
      Security Alerts
      6 min read | July 1, 2024

      New Unauthenticated Remote Code Execution Flaw Identified in OpenSSH Server

      Read More
      Security Alerts
      5 min read | April 12, 2024

      CVE-2024-3400: Palo Alto Vulnerabilities in GlobalProtect Gateway Lead to RCE

      Read More