CVE-2022-26503

HIGH

Veeam Agent for Windows <5.x - Code Injection

Title source: llm

Description

Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.

Exploits (1)

nomisec WRITEUP 11 stars
by sinsinology · poc
https://github.com/sinsinology/CVE-2022-26503

References (2)

Core References
Vendor Advisory x_refsource_misc
https://veeam.com
Vendor Advisory x_refsource_misc
https://www.veeam.com/kb4289

Scores

CVSS v3 7.8
EPSS 0.0177
EPSS Percentile 82.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-502
Status published
Products (5)
veeam/veeam 2.0
veeam/veeam 2.1
veeam/veeam 2.2
veeam/veeam 3.0.2
veeam/veeam 4.0.0 - 4.0.2.2208
Published Mar 17, 2022
Tracked Since Feb 18, 2026