CVE-2022-26500
Veeam Backup & Replication <11.x - Code Injection
Severity: HIGH | CISA KEV | Ransomware use
Exploitation Summary
CVE-2022-26500 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 13, 2022, with confirmed use in ransomware campaigns.
Description
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users to reach internal API functions, which lets an attacker upload and execute arbitrary code.
References (3)
Vendor Advisory
https://veeam.com
Vendor Advisory
https://www.veeam.com/kb4288
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26500
Scores
CVSS v3
8.8
EPSS
0.1903
EPSS Percentile
95.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-12-13
VulnCheck KEV
2022-10-24
InTheWild.io
2022-12-13
ENISA EUVD
EUVD-2022-31058
Ransomware Use
Confirmed
CWE
CWE-22
Status
published
Products (5)
veeam/veeam_backup_&_replication
9.5.0.1536
veeam/veeam_backup_&_replication
9.5.4.2615
veeam/veeam_backup_&_replication
10.0.1.4854 (3 CPE variants)
veeam/veeam_backup_&_replication
11.0.1.1261 (3 CPE variants)
veeam/veeam_backup_&_replication
10.0.0.4442 - 10.0.1.4854
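A triage helper for the affected-version data above, added here as an example; it is not code from the page, from Veeam, or from any scanner. It takes the version string reported by a Veeam Backup & Replication server (how you obtain that string, for example from the backup service binary's file version, is outside the page and assumed) and checks it against the exact builds and the one inclusive range listed under Products, plus the description's blanket "10.x, and 11.x". The one caveat it encodes is an assumption, not a statement from the page: a patched server may report the same four-part base build as the vulnerable one and differ only by a trailing patch token, so a build that carries such a suffix is reported as "verify patch" rather than "affected", and the reader should confirm the exact fix level against KB4288.

```python
"""Version triage for CVE-2022-26500 (added example, not Veeam's or the page's code)."""
import re

# Exact builds and the inclusive range listed in this page's Products section.
LISTED_BUILDS = {"9.5.0.1536", "9.5.4.2615", "10.0.1.4854", "11.0.1.1261"}
LISTED_RANGE = ((10, 0, 0, 4442), (10, 0, 1, 4854))
# Major versions the description names wholesale ("10.x, and 11.x").
AFFECTED_MAJORS = {10, 11}

# "MAJOR.MINOR.BUILD.REV" optionally followed by a non-numeric patch token.
# Assumption: a patched install keeps the base build and adds a suffix, so the
# suffix is captured separately instead of being folded into the comparison.
VERSION_RE = re.compile(r"(\d+(?:\.\d+){0,3})\s*([A-Za-z].*)?")

AFFECTED = "affected"
VERIFY_PATCH = "verify_patch"
NOT_LISTED = "not_listed"


def parse_version(text):
    """Return (four-int tuple, patch suffix or None) for a Veeam version string."""
    m = VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised Veeam version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    parts += (0,) * (4 - len(parts))  # pad short forms such as "11.0"
    suffix = m.group(2).strip() if m.group(2) else None
    return parts, suffix


def assess(text):
    """Classify a reported version against the page's affected data.

    Returns (verdict, explanation) where verdict is AFFECTED, VERIFY_PATCH or
    NOT_LISTED. NOT_LISTED means the page's data does not cover the build, not
    that the build is safe; the vendor advisory (KB4288) is authoritative.
    """
    build, suffix = parse_version(text)
    dotted = ".".join(str(n) for n in build)
    in_scope = (
        dotted in LISTED_BUILDS
        or LISTED_RANGE[0] <= build <= LISTED_RANGE[1]
        or build[0] in AFFECTED_MAJORS
    )
    if not in_scope:
        return NOT_LISTED, f"{dotted} is not covered by this page's affected list; check KB4288"
    if suffix:
        # Base build matches an affected one, but a patch token is present (assumption:
        # cumulative patches keep the base build). Do not mark clean on this alone.
        return VERIFY_PATCH, f"base build {dotted} is affected; confirm patch {suffix!r} is the KB4288 fix"
    return AFFECTED, f"{dotted} is affected by CVE-2022-26500; apply the fix from KB4288"


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    for sample in ["11.0.1.1261", "10.0.0.4461", "11.0.1.1261 P20220302", "9.5.4.2753", "12.0.0.1420"]:
        verdict, why = assess(sample)
        print(f"{sample:<24} {verdict:<13} {why}")
```

The range comparison works on integer tuples rather than strings, so 10.0.0.4461 (a build between the two listed endpoints) is caught even though it never appears on the page; 9.5.4.2753 falls out as NOT_LISTED because the page's 9.5 data is two exact builds only, which is exactly the gap the description's broader "9.5U4" wording and the vendor KB have to close.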
Published
Mar 17, 2022
KEV Added
Dec 13, 2022
Tracked Since
Feb 18, 2026