Skip to main content

Veeam Agent CVE-2026-32996

| EUVDEUVD-2026-32712 HIGH
Insertion of Sensitive Information into Log File (CWE-532)
2026-05-28 hackerone GHSA-3xr7-767q-qr44
7.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
May 28, 2026 - 07:00 vuln.today
CVSS changed
May 28, 2026 - 05:22 NVD
7.3 (HIGH)
CVE Published
May 28, 2026 - 04:01 nvd
UNKNOWN (no severity yet)
CVE Published
May 28, 2026 - 04:01 nvd
HIGH 7.3

DescriptionCVE.org

This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.

AnalysisAI

Local privilege escalation in Veeam Agent for Microsoft Windows enables a low-privileged authenticated user to escalate to higher privileges on the host, with the CWE-532 mapping indicating sensitive information is exposed via log files that the attacker can read or abuse. CVSS 4.0 base score is 7.3 with high impact to confidentiality, integrity, and availability of the vulnerable component, and no public exploit identified at time of analysis. The flaw is tied to the broader Veeam Backup and Replication 13 ecosystem (≤13.0.1 per ENISA EUVD), making it relevant on any Windows endpoint where the Veeam Agent is deployed alongside or as part of that platform.

Technical ContextAI

Veeam Agent for Microsoft Windows is the endpoint backup client used by Veeam Backup and Replication to capture image-level and file-level backups of Windows workloads, running with elevated service privileges to access protected volumes, VSS, and credential material. CWE-532 (Insertion of Sensitive Information into Log File) indicates the root cause class: the agent or an associated service writes secrets - likely credentials, tokens, or process context used by the backup service - into a log file whose ACLs or location allow a local low-privileged user to read it and reuse the material to act as the higher-privileged service identity. The CPE binds the issue to cpe:2.3:a:veeam:backup_and_replication, reflecting that the agent ships as a component of Veeam Backup and Replication 13, so any Windows host running an agent from that release line is in scope.

RemediationAI

Patch available per vendor advisory at https://www.veeam.com/kb4852 - upgrade Veeam Backup and Replication 13 (and the bundled Veeam Agent for Microsoft Windows) past 13.0.1 to the fixed build referenced in KB4852, since the source data does not name an exact fixed version string to quote verbatim. As compensating controls until patching, restrict interactive and remote logon to Veeam-protected Windows hosts to administrative users only (which neutralizes the PR:L precondition), tighten ACLs on the Veeam Agent log directories so only SYSTEM and local administrators can read them, rotate any service or repository credentials that may have been exposed in pre-patch logs, and purge or secure-archive existing log files; note that aggressive log-directory ACL changes can break support diagnostics and log-collection scripts, so coordinate with backup operations before applying.

Share

CVE-2026-32996 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy