Veeam announce two critical vulnerabilities in their Backup & Replication software


Veeam have published details of multiple critical vulnerabilities (CVE-2022-26500, CVE-2022-26501) in their Backup & Replication software. The Veeam Distribution Service (TCP 9380 by default) allows unauthenticated users to access internal API functions.


A remote attacker may send input to the internal API, which may lead to malicious code being uploaded and executed.

Vulnerability Detection

Check if TCP port 9380 is exposed to the internet.
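
One way to run this check across your own backup servers, as an added example that is not part of the original bulletin: it must run from a host outside your perimeter for the result to reflect internet exposure, and it separates a reachable service from a port that is refused or silently dropped. The inventory addresses are constructed placeholders and the function names are this example's own.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Default Veeam Distribution Service port, as named in the bulletin.
VEEAM_DISTRIBUTION_PORT = 9380


def probe(host, port=VEEAM_DISTRIBUTION_PORT, timeout=3.0):
    """Classify one TCP endpoint as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # handshake completed: the service is reachable
    except ConnectionRefusedError:
        return "closed"        # host replied with a reset: nothing listening
    except OSError:
        return "filtered"      # timeout or unreachable: dropped en route or host down


def audit(hosts, port=VEEAM_DISTRIBUTION_PORT, timeout=3.0, workers=16):
    """Probe every host in parallel and return {host: state}."""
    hosts = list(hosts)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(lambda h: probe(h, port, timeout), hosts)
        return dict(zip(hosts, states))


def exposed(results):
    """Hosts whose port answered, i.e. the ones to firewall and patch first."""
    return sorted(h for h, state in results.items() if state == "open")


if __name__ == "__main__":
    # Constructed inventory: replace with the public addresses of your own
    # Veeam Backup & Replication servers.
    inventory = ["192.0.2.10", "192.0.2.11"]
    results = audit(inventory)
    for host, state in results.items():
        print(f"{host}:{VEEAM_DISTRIBUTION_PORT} {state}")
    print("exposed:", exposed(results) or "none")
```

A "filtered" result from outside the perimeter only shows that this vantage point cannot reach the port; the service may still be reachable from internal networks.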

Affected Products

  • Veeam Backup & Replication 9.5
  • Veeam Backup & Replication 10
  • Veeam Backup & Replication 11

Containment, Mitigations & Remediations

Patches are available for Veeam Backup & Replication versions 10a and 11a, but 9.5 is unsupported.

Indicators of Compromise

No known exploitation.

Threat Landscape

Backup solutions are highly desirable targets for extortion gangs, as compromising backups makes it harder for organisations to recover from attacks such as ransomware. Veeam is one backup solution that has been deliberately targeted by a variety of threat actors because of its large client base and the nature and size of those clients.

MITRE Methodologies

T1190 – Exploit Public-Facing Application.

Further Information

CVE-2022-26500 | CVE-2022-26501

Multiple Critical Vulnerabilities in Veeam