CVE-2024-47263

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...

CVE-2024-47263

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...

CVE-2024-47263

CVE-2024-47263 affects Synology Hyper Backup’s Backup.Repository webapi component. The vulnerability is a path traversal in versions prior to 4.1.2-4036 that allows remote authenticated users with administrator privileges to write specific files containing non-sensitive information through unspec...

PT-2026-45930

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...

CVE-2026-21668

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository...

Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution

Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution. The vulnerabilities are as follows - CVE-2026-21666 CVSS score: 9.9 - A vulnerability that allows an...

EUVD-2026-11577

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository...

CVE-2026-21668

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository...

CVE-2026-21668

Technical details about CVE-2026-21668 are not provided in the supplied documents. Monitor for updates from Veeam (KB4830) and related advisories for affected products, impact, and remediation.

CVE-2026-21668

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository...

CVE-2026-21668

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository...

CVE-2026-21668

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository...

Vulnerabilities fixed in Veeam Backup & Replication

Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities allow an authenticated domain user to remotely execute code on the backup server, which can lead to unauthorized control of backup operations. This issue is present in the backup server environment and can be...

PT-2026-24954

Name of the Vulnerable Software and Affected Versions Veeam Backup and Replication affected versions not specified Description The software contains a flaw that allows an authenticated domain user to bypass intended restrictions. This allows manipulation of arbitrary files located on a Backup...

"Database connection settings for the Microsoft Entra ID backup repository cannot be found."

If you are encountering this error after recently upgrading to Veeam Backup & Replication 12.3, and that upgrade failed on the first attempt, and you attempted the upgrade a second time, please review the section discussing "For Customers Who Ran the Upgrade a Second Time and It Succeeded" on...

How to Move Backup Data for a File Backup or Object Storage Backup to a Different Repository

Purpose This article documents the procedure for migrating backup data created by an unstructured data backup job File Backup or Object Storage Backup from one backup repository to another backup repository so that the job can resume incremental backup operations using the new destination. Soluti...

Archive Spoofing

BorgBackup is vulnerable to Archive Spoofing. The vulnerability is due a flaw in the cryptographic authentication scheme, which could potentially allow an attacker to create fake archives and indirectly cause data loss in the backup repository...

Granular Log Collection Guide for SOBR Capacity/Archive Tier Issues

Purpose This article documents an advanced granular log collection method designed to minimize the log bundle size when submitting Veeam Support cases for issues related to the capacity tier or archive tier of a Scale-Out Backup Repository. The standard method of collecting logs for these cases i...

Scale-Out Backup Repository Offload task fails with "There is not enough space on the disk"

Article Applicability This KB Article is specific to an issue where a SOBR Offload task fails with an error reporting that "There is not enough space on the disk " and the path specified in the error contains 'VeeamBackupTemp '. Challenge Scale-Out Backup Repository's Offload task fails with erro...

Unspecified vulnerability in IDEC PLC (CNVD-2022-02761)

The IDEC PLC is a programmable controller. A security vulnerability exists in the IDEC PLC that can be exploited by an attacker to obtain user credentials from a file server, a backup repository, or a ZLD file saved on an SD card...