{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21670", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2026-01-02T15:00:02.871Z", "datePublished": "2026-03-12T15:09:39.200Z", "dateUpdated": "2026-03-12T15:34:25.911Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "A vulnerability allowing a low-privileged user to extract saved SSH credentials."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Veeam", "product": "Backup and Replication", "versions": [{"version": "13.0.1", "status": "affected", "lessThan": "13.0.1", "versionType": "semver"}]}], "references": [{"url": "https://www.veeam.com/kb4831"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "baseScore": 7.7, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-03-12T15:09:39.200Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T15:32:35.171553Z", "id": "CVE-2026-21670", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T15:34:25.911Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21670", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-12T15:32:35.171553Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T15:34:20.910Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}}], "affected": [{"vendor": "Veeam", "product": "Backup and Replication", "versions": [{"status": "affected", "version": "13.0.1", "lessThan": "13.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.veeam.com/kb4831"}], "descriptions": [{"lang": "en", "value": "A vulnerability allowing a low-privileged user to extract saved SSH credentials."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-03-12T15:09:39.200Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21670", "state": "PUBLISHED", "dateUpdated": "2026-03-12T15:34:25.911Z", "dateReserved": "2026-01-02T15:00:02.871Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2026-03-12T15:09:39.200Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F7C6B2B-8DFE-4FF7-A990-04BB209D5031", "versionEndIncluding": "13.0.1.1071", "versionStartIncluding": "13.0.0.496", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability allowing a low-privileged user to extract saved SSH credentials."}, {"lang": "es", "value": "Una vulnerabilidad que permite a un usuario de bajo privilegio extraer credenciales SSH guardadas."}], "id": "CVE-2026-21670", "lastModified": "2026-03-31T00:45:56.800", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "support@hackerone.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-12T15:16:13.510", "references": [{"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://www.veeam.com/kb4831"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[13.0.1,13.0.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Backup and Replication", "source": "cna", "vendor": "Veeam"}, "product": "backup_and_replication", "vendor": "veeam"}], "analysis": {"en": {"generated_at": "2026-03-31T06:52:26.622327+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch or upgrade to the version that fixes the SSH credential exposure.", "Restrict local user permissions so they cannot access the credential store.", "Monitor system logs for unauthorized credential access attempts and disable SSH authentication through the backup server until a fix is applied."], "summary": {"action": "Apply Patch", "impact": "Credential Exposure"}, "threat_synthesis": {"affected_systems": "The affected product is Veeam Backup and Replication. No specific version numbers are provided in the advisory, so all current releases may be vulnerable until a patch is applied.", "description_and_impact": "The vulnerability in Veeam Backup and Replication allows a low\u2011privileged user with local access to extract stored SSH credentials, exposing login information that could be reused to authenticate to remote servers. This credential exposure is a direct confidentiality compromise consistent with information\u2011exposure weaknesses such as CWE\u2011200, CWE\u2011285, and CWE\u2011522.", "risk_and_exploitability": "The CVSS score of 7.7 indicates high severity for the flaw, while an EPSS score below 1% suggests a low likelihood of widespread exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is local: a user must be able to log into the backup workstation or server to read the credential store. Although the exploit does not require a remote network connection, the stolen credentials could be used to gain access to other systems via SSH after the initial compromise."}}}}, "created": "2026-03-13T09:53:05.891627+00:00", "updated": "2026-03-31T20:09:34.221602+00:00", "vendors": ["veeam", "veeam$PRODUCT$backup_and_replication"]}