← ExploitWatch
HomeExploited Vulnerabilities

CVE-2022-26500 — Actively Exploited: Backup & Replication (Veeam)

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code.

CVE IDCVE-2022-26500
VendorVeeam
ProductBackup & Replication
Vulnerability nameVeeam Backup & Replication Remote Code Execution Vulnerability
Date added2022-12-13
Remediation due2023-01-03
Known ransomware useKnown
Required actionApply updates per vendor instructions.
DescriptionThe Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →