What is the CVSS score of EUVD-2026-32715?

EUVD-2026-32715 has a CVSS 3.1 base score of 9.0 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Comet Backup are affected by EUVD-2026-32715?

Comet Backup server contains a critical remote code execution vulnerability allowing tenant administrators to execute arbitrary code with elevated privileges on backup servers and connected agent…. A patch is available.

Comet Backup EUVD-2026-32715

| CVE-2026-32999 CRITICAL

Code Injection (CWE-94)

2026-05-28 hackerone

GHSA-x8w2-9wjv-3hv6

RCE Code Injection

9.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

May 28, 2026 - 06:01 EUVD

Analysis Updated

May 28, 2026 - 05:28 vuln.today

v3 (cvss_changed)

Analysis Updated

May 28, 2026 - 05:28 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 28, 2026 - 05:22 vuln.today

cvss_changed

CVSS changed

May 28, 2026 - 05:22 NVD

9.1 (CRITICAL) 9.0 (CRITICAL)

Analysis Generated

May 28, 2026 - 05:02 vuln.today

DescriptionNVD

Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices.

AnalysisAI

Remote code execution in Comet Backup server allows a tenant administrator to inject arbitrary code into the backup agent signing module via insufficient character filtering, ultimately running code with elevated privileges on the Comet server and on connected backup agent devices. The vendor advisory links the issue to the branding configuration path, and no public exploit has been identified at time of analysis. …

RemediationAI

Within 24 hours: Audit all Comet Backup tenant administrator role assignments and restrict branding configuration access to essential personnel; enable multi-factor authentication for all administrative access to Comet Backup systems. Within 7 days: Implement network segmentation to isolate Comet Backup infrastructure from production systems; configure enhanced audit logging for all branding configuration modifications and administrative actions; establish real-time alerts for suspicious administrator activity. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-32715 vulnerability details – vuln.today

Back

Comet Backup EUVD-2026-32715

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code