Veeam Backup & Replication: Authenticated Arbitrary File Write (Linux)
CVE-2026-32997 Published on May 28, 2026
A vulnerability that allows an authenticated user with the Backup Administrator role to write arbitrary files on a Linux-based Veeam Backup & Replication server.
Weakness Type
Absolute Path Traversal
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory. This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.
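The weakness class described above, shown as an added example (not Veeam's code and not taken from the advisory): a naive path join beside a hardened resolver that rejects absolute paths and verifies containment. The function names, the "uploads" directory and the sample file names are hypothetical and constructed for the illustration.

```python
import os
import tempfile

def resolve_unsafe(base_dir, user_path):
    # Weak pattern: os.path.join() discards base_dir entirely when
    # user_path is absolute, so the result can point anywhere.
    return os.path.join(base_dir, user_path)

def resolve_safe(base_dir, user_path):
    # Hardened pattern: refuse absolute input, canonicalise, then confirm
    # the result is still inside the base directory.
    base = os.path.realpath(base_dir)
    if os.path.isabs(user_path):
        raise ValueError("absolute path rejected")
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory")
    return candidate

def write_file(base_dir, user_path, data):
    # Only ever open the path returned by the containment check.
    target = resolve_safe(base_dir, user_path)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(data)
    return target

def demo():
    # Constructed sample input: a throwaway directory tree, nothing real.
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "uploads")
        os.makedirs(base)
        outside = os.path.join(root, "outside.conf")
        results["unsafe_join_escapes"] = resolve_unsafe(base, outside) == outside
        samples = {"absolute": outside,
                   "dotdot": "../outside.conf",
                   "relative": "reports/job1.log"}
        for label, name in samples.items():
            try:
                write_file(base, name, b"sample")
                results[label] = "written"
            except ValueError:
                results[label] = "rejected"
        results["outside_untouched"] = not os.path.exists(outside)
    return results

if __name__ == "__main__":
    print(demo())
```

The check resolves symbolic links as they exist at validation time; a server that lets other users modify the base directory between the check and the write would also need to open the file without following links.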
Affected Versions
Veeam Backup and Replication: Version 13, <= 13.0.1 is affected.