CVE-2026-32998 CRITICAL

CVE-2026-32998

Vendor Veeam
Product Service Provider Console
Weakness CWE-233
Published May 28, 2026
Last update May 29, 2026

CVSS base score

9.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

This vulnerability in Veeam Service Provider Console allows for remote code execution.

Key dates

02Disclosure timeline

May 28, 2026 CVE published
May 29, 2026 Record updated