CVE-2022-26503

HIGH

Veeam Agent for Windows <5.x - Code Injection

Title source: llm

Description

Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.

Exploits (1)

nomisec WRITEUP 11 stars

by sinsinology · poc

https://github.com/sinsinology/CVE-2022-26503

View Code ZIP pw:eip

References (2)

[Vendor Advisory] https://veeam.com

[Vendor Advisory] https://www.veeam.com/kb4289

Scores

CVSS v3 7.8

EPSS 0.0177

EPSS Percentile 82.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (5)

veeam/veeam < 4.0.2.2208

veeam/veeam

Timeline

Published Mar 17, 2022

Tracked Since Feb 18, 2026