{"vulnerability": "cve-2026-2166", "sightings": [{"uuid": "887b56e6-86ee-4d6e-841a-9ab79c5cff90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21660", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mg3ww3yku32s", "content": "", "creation_timestamp": "2026-03-02T19:01:51.345520Z"}, {"uuid": "37ff758f-2c0c-43b4-85c9-b500fcd0f6e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21660", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-01", "content": "", "creation_timestamp": "2026-02-26T11:00:00.000000Z"}, {"uuid": "472cf8a0-d368-4465-a15e-8b57d8912d50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21669", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mguq65ejqe2z", "content": "", "creation_timestamp": "2026-03-12T15:37:38.322061Z"}, {"uuid": "b19127f2-60d8-4923-9633-08316ce24245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21666", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mhbustnj6a22", "content": "", "creation_timestamp": "2026-03-17T21:05:24.251617Z"}, {"uuid": "be40786e-2a09-4e2d-b465-c02a6e8c015a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21667", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mhbustnj6a22", "content": "", "creation_timestamp": "2026-03-17T21:05:24.331735Z"}, {"uuid": "0625f44e-745a-45b2-89e2-742c781e1c4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21666", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mguratg65t24", "content": "", "creation_timestamp": "2026-03-12T15:57:02.141892Z"}, {"uuid": "e1a98ae3-5c5d-4e06-a21c-825e20faa824", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21666", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mguraw2nct2n", "content": "", "creation_timestamp": "2026-03-12T15:57:05.396367Z"}, {"uuid": "571a31db-7695-46db-a61b-be7cb73770a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21667", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mgurb6brne2c", "content": "", "creation_timestamp": "2026-03-12T15:57:14.068095Z"}, {"uuid": "93788009-09a7-483f-8ff4-4ae4a0ccbb53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21668", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mgurbfowzw2x", "content": "", "creation_timestamp": "2026-03-12T15:57:21.649946Z"}, {"uuid": "351d7d39-7a54-4b45-9d37-20cd522a0af4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21660", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mftsdysdkq27", "content": "", "creation_timestamp": "2026-02-27T13:18:50.841728Z"}, {"uuid": "cb27c0f9-50e4-48f6-9046-d39350a05df3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21666", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mhmso4qd2c2x", "content": "", "creation_timestamp": "2026-03-22T05:26:19.710435Z"}, {"uuid": "e7efad6a-dff0-46aa-9eea-0c140abc1fee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21667", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mhmso4qd2c2x", "content": "", "creation_timestamp": "2026-03-22T05:26:19.808646Z"}, {"uuid": "a6a0b521-f36e-43e2-83b8-2274d5ffc624", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21669", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mhmtoizl7c2x", "content": "", "creation_timestamp": "2026-03-22T05:44:22.764720Z"}, {"uuid": "b18e511e-c151-4646-8246-aa857da3dd46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21666", "type": "seen", "source": "https://thehackernews.com/2026/03/veeam-patches-7-critical-backup.html", "content": "", "creation_timestamp": "2026-03-13T03:15:00.000000Z"}, {"uuid": "bc885be7-2dcf-429a-8b58-0f988c4cac3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21667", "type": "seen", "source": "https://thehackernews.com/2026/03/veeam-patches-7-critical-backup.html", "content": "", "creation_timestamp": "2026-03-13T03:15:00.000000Z"}, {"uuid": "daaaf78f-462a-4766-9c71-f5e1a64a9175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21666", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mhn6zffpes2x", "content": "", "creation_timestamp": "2026-03-22T09:07:20.566433Z"}, {"uuid": "838b9c97-1450-400c-bb46-ba7d51520b07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21667", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mhn6zffpes2x", "content": "", "creation_timestamp": "2026-03-22T09:07:20.664963Z"}, {"uuid": "5cef0509-ef12-4bd9-9979-142690e66fda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21666", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mgulc3hpkk2q", "content": "", "creation_timestamp": "2026-03-12T14:10:21.384828Z"}, {"uuid": "9970f596-fb17-4f96-94c1-a6a67766f931", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21668", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mgulc3hpkk2q", "content": "", "creation_timestamp": "2026-03-12T14:10:21.575930Z"}, {"uuid": "777de33c-e9f8-46fb-bb60-d90df4941750", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21667", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mgulc3hpkk2q", "content": "", "creation_timestamp": "2026-03-12T14:10:21.474682Z"}, {"uuid": "e4fe8a6f-4a45-4bfd-98a8-1af6fc7bb6c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21669", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mgulc3hpkk2q", "content": "", "creation_timestamp": "2026-03-12T14:10:21.668016Z"}, {"uuid": "7f9b4d80-22ca-4196-b186-35b27719c63e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21669", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mgusfbjrse2n", "content": "", "creation_timestamp": "2026-03-12T16:17:25.735107Z"}, {"uuid": "137f9a8f-1242-4fbd-8a26-9943e15d2ccf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21669", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mgusgki5qw2f", "content": "", "creation_timestamp": "2026-03-12T16:18:09.619935Z"}, {"uuid": "9d6ce14a-7c72-4e5b-8037-744a49450b87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21667", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mguseq5rv727", "content": "", "creation_timestamp": "2026-03-12T16:17:07.296211Z"}, {"uuid": "91b5a5c9-c0e3-4878-9a0a-ad47b5ef7236", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-21669", "type": "seen", "source": "https://www.acn.gov.it/portale/w/veeam-sanate-vulnerabilita-in-backup-replication", "content": "", "creation_timestamp": "2026-03-13T10:26:51.000000Z"}, {"uuid": "5ae53502-6ab7-48f8-b6c7-3c3b604f167d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21668", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mguspia3xl2o", "content": "", "creation_timestamp": "2026-03-12T16:23:07.873500Z"}, {"uuid": "797d7237-b781-4c6b-b4f6-4d34b8828208", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-21668", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-multiple-critical-vulnerabilities-veeam-backup-replication-patch-immediately", "content": "", "creation_timestamp": "2026-03-13T17:25:54.000000Z"}, {"uuid": "822f7007-4f7c-457a-bb13-bd43ee2e88ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-21669", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-multiple-critical-vulnerabilities-veeam-backup-replication-patch-immediately", "content": "", "creation_timestamp": "2026-03-13T17:25:54.000000Z"}, {"uuid": "4500ad31-8d1a-4fb2-a959-501dd08e0cc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-21668", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/08c1bcc5-abc2-4fd7-8a14-32dffe5c9afc", "content": "", "creation_timestamp": "2026-03-13T11:02:43.907812Z"}, {"uuid": "5fc62630-5ca1-443f-83e2-39bee5e8cf6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-21667", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/08c1bcc5-abc2-4fd7-8a14-32dffe5c9afc", "content": "", "creation_timestamp": "2026-03-13T11:02:43.907812Z"}, {"uuid": "555641f1-5785-4717-90c3-6c855d617b3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-21666", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/08c1bcc5-abc2-4fd7-8a14-32dffe5c9afc", "content": "", "creation_timestamp": "2026-03-13T11:02:43.907812Z"}, {"uuid": "e9afbf73-6c2d-4f17-ab26-6e64e578c058", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-21668", "type": "seen", "source": "https://thehackernews.com/2026/03/veeam-patches-7-critical-backup.html", "content": "", "creation_timestamp": "2026-03-14T03:00:10.000000Z"}, {"uuid": "090f1044-a5b7-4022-b720-c5f3b4477ed2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-21669", "type": "seen", "source": "https://thehackernews.com/2026/03/veeam-patches-7-critical-backup.html", "content": "", "creation_timestamp": "2026-03-14T03:00:10.000000Z"}, {"uuid": "15345f58-6e25-434c-8e80-b708ca27e03c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-21668", "type": "seen", "source": "https://www.acn.gov.it/portale/w/veeam-sanate-vulnerabilita-in-backup-replication", "content": "", "creation_timestamp": "2026-03-13T10:26:51.000000Z"}, {"uuid": "5e49d13a-c9ff-44af-9d66-89c8bfc6ba30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-21666", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-multiple-critical-vulnerabilities-veeam-backup-replication-patch-immediately", "content": "", "creation_timestamp": "2026-03-13T17:25:54.000000Z"}, {"uuid": "2fb90c37-7941-4899-8e8e-8b5e4bbbafd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-21667", "type": "seen", "source": "https://www.acn.gov.it/portale/w/veeam-sanate-vulnerabilita-in-backup-replication", "content": "", "creation_timestamp": "2026-03-13T10:26:51.000000Z"}, {"uuid": "6d6ccfdf-2279-4193-a1af-92dc0285e7cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-21666", "type": "seen", "source": "https://www.acn.gov.it/portale/w/veeam-sanate-vulnerabilita-in-backup-replication", "content": "", "creation_timestamp": "2026-03-13T10:26:51.000000Z"}, {"uuid": "9b2942af-b830-47c3-bc0c-ba9853b1c3eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21666", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mid3dzgcsl2r", "content": "", "creation_timestamp": "2026-03-31T02:00:14.337174Z"}, {"uuid": "966f0cc8-5186-4d6c-804e-a072b9a5bae4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21667", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mie3qy6v7y2w", "content": "", "creation_timestamp": "2026-03-31T11:40:09.315806Z"}, {"uuid": "4567b552-a5df-4323-9dcd-45db635b3c3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21669", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3miedliibs32f", "content": "", "creation_timestamp": "2026-03-31T14:00:15.320852Z"}, {"uuid": "3407a024-15ea-47a8-923b-239a7da8a17a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21668", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mieep2rj4i2r", "content": "", "creation_timestamp": "2026-03-31T14:20:08.317765Z"}, {"uuid": "dc69412c-0ac2-41eb-9195-cfa2a49d9212", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21661", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-125-05", "content": "View CSAF\n\nSummary\n\nSuccessful exploitation of this vulnerability could allow a standard user to escalate privileges on the host machine.\n\nThe following versions of Johnson Controls CEM AC2000 are affected:\n\n\n\nCEM AC2000 12.0 (CVE-2026-21661)\n\nCEM AC2000 11.0 (CVE-2026-21661)\n\nCEM AC2000 10.6 (CVE-2026-21661)\n\n<div class=\"csaf-table\">\n\n\n\n\nCVSS\nVendor\nEquipment\nVulnerabilities\n\n\n\n\nv3 8.7\nJohnson Controls Inc.\nJohnson Controls CEM AC2000\nUncontrolled Search Path Element\n\n\n\n</div>\n\nBackground\n\n\n\nCritical Infrastructure Sectors: Critical Manufacturing, Commercial Facilities, Government Services and Facilities, Transportation Systems, Energy\n\nCountries/Areas Deployed: Worldwide\n\nCompany Headquarters Location: Ireland\n\n\n\n\nVulnerabilities\n<div class=\"csaf-accordion\">\n\nExpand All +\n<div class=\"csaf-accordion-item\">\n\nCVE-2026-21661\n<div class=\"csaf-accordion-content\">\n\nThe affected product is vulnerable to DLL hijacking, which could allow an attacker to escalate standard user privileges on the host machine.\n\nView CVE Details\n\n\n\nAffected Products\n\nJohnson Controls CEM AC2000\n<div class=\"ics-vendor-version-status\">\n<div class=\"ics-vendor\">Vendor:Johnson Controls Inc.</div>\n<div class=\"ics-version\">Product Version:Johnson Controls Inc. CEM AC2000: 12.0, Johnson Controls Inc. CEM AC2000: 11.0, Johnson Controls Inc. CEM AC2000: 10.6</div>\n<div class=\"ics-status\">Product Status:known_affected</div>\n</div>\n<div class=\"ics-remediations\">\n\nRemediations\n\nMitigationJohnson Controls recommends users apply the following mitigations:\n\nMitigationUpgrade CEM AC 2000 12.0 to 12.0 Release 10.\n\nMitigationUpgrade CEM AC 2000 11.0 to 11.0 Release 9.\n\nMitigationUpgrade CEM AC 2000 10.6 to 10.6 Release 3.\n\nMitigationFor more detailed mitigation instructions, please see Johnson Controls Product Security Advisory.https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories\n</div>\n\nRelevant CWE: CWE-427 Uncontrolled Search Path Element\n\n\n\nMetrics\n<div class=\"csaf-table csaf-metrics-table\">\n\n\n\n\nCVSS Version\nBase Score\nBase Severity\nVector String\n\n\n\n\n3.1\n8.7\nHIGH\nCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L\n\n\n\n</div>\n</div>\n</div>\n</div>\n\n\n\nAcknowledgments\n\n\n\nTom Hulme of CSACyber reported this vulnerability to Johnson Controls\n\n\n\n\nLegal Notice and Terms of Use\n\nThis product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).\n\n\n\nRecommended Practices\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.\n\nMinimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.\n\nLocate control system networks and remote devices behind firewalls and isolating them from business networks.\n\nWhen remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nCISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.\n\nAdditional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\n\nOrganizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.\n\nCISA also recommends users take the following measures to protect themselves from social engineering attacks:\n\nDo not click web links or open attachments in unsolicited email messages.\n\nRefer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.\n\nRefer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.\n\nNo known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.\n\n\n\nRevision History\n\n\n\nInitial Release Date: 2026-05-05\n\n\n\n\n\nDate\nRevision\nSummary\n\n\n\n\n2026-05-05\n1\nInitial Republication of Johnson Controls product security advisory.\n\n\n\n\n\n\nLegal Notice and Terms of Use", "creation_timestamp": "2026-05-05T10:00:00.000000Z"}, {"uuid": "817ca762-a8d4-4929-9529-caaa2b861b69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21666", "type": "published-proof-of-concept", "source": "https://t.me/bdufstecru/3015", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445, \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0438 \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Veeam Backup & Replication \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434\n\nBDU:2026-03174\nCVE-2026-21666\n\n\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432. \u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c\u0443 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c\u0443 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044e;\n- \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c\u0443 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c\u0443 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044e;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 SIEM-\u0441\u0438\u0441\u0442\u0435\u043c \u0434\u043b\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN);\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442).\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.veeam.com/kb4830", "creation_timestamp": "2026-03-16T14:55:38.000000Z"}, {"uuid": "01cb5770-aead-43e0-b046-e2065e4ec7f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21669", "type": "exploited", "source": "https://t.me/true_secator/7993", "content": "Veeam Software \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0441\u0432\u043e\u0435\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0434\u043b\u044f \u0440\u0435\u0437\u0435\u0440\u0432\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0447\u0435\u0442\u044b\u0440\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 RCE.\n\nVeeam Backup & Replication - \u044d\u0442\u043e \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0435 \u041f\u041e \u0434\u043b\u044f \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u0418\u0422-\u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u043a\u043e\u043f\u0438\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u043b\u044f \u0431\u044b\u0441\u0442\u0440\u043e\u0433\u043e \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a \u0438 \u0441\u0431\u043e\u0435\u0432 \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\u0422\u0440\u0438 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (CVE-2026-21666, CVE-2026-21667 \u0438 CVE-2026-21669) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0434\u043e\u043c\u0435\u043d\u0430 \u0441 \u043d\u0438\u0437\u043a\u0438\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0430\u0442\u0430\u043a \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438.\n\n\u0427\u0435\u0442\u0432\u0435\u0440\u0442\u0430\u044f CVE-2026-21708 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 Backup Viewer \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f postgres.\n\nVeeam \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f EoP \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 Veeam Backup & Replication \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c Windows, \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 SSH \u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u043c\u0438 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u0432 \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0435 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u044b\u0445 \u043a\u043e\u043f\u0438\u0439.\n\n\u0412\u0441\u0435 \u043e\u043d\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0432 \u0445\u043e\u0434\u0435 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0433\u043e \u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b \u0447\u0435\u0440\u0435\u0437 HackerOne. \u0423\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 Veeam Backup & Replication 12.3.2.4465 \u0438 13.0.1.2067.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Veeam \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u041f\u041e \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0447\u0430\u0441\u0442\u043e \u043d\u0430\u0447\u0438\u043d\u0430\u044e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0432\u0441\u043a\u043e\u0440\u0435 \u043f\u043e\u0441\u043b\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439.\n\n\u0421\u0442\u043e\u0438\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e VBR \u0432\u0435\u0441\u044c\u043c\u0430 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u0435\u043d \u0441\u0440\u0435\u0434\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u044b\u0445 \u0443\u0441\u043b\u0443\u0433, \u0441\u0440\u0435\u0434\u043d\u0438\u0445 \u0438 \u043a\u0440\u0443\u043f\u043d\u044b\u0445 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u0439. \u0418 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u0432\u043e\u0441\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043d \u0441\u0440\u0435\u0434\u0438 \u043a\u0438\u0431\u0435\u0440\u043f\u043e\u0434\u043f\u043e\u043b\u044c\u044f, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0441\u043b\u0443\u0436\u0438\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u043e\u0439 \u0434\u043b\u044f \u0433\u043e\u0440\u0438\u0437\u043e\u043d\u0442\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u0432\u043d\u0443\u0442\u0440\u0438 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439, \u0443\u043f\u0440\u043e\u0449\u0430\u0435\u0442 \u043a\u0440\u0430\u0436\u0443 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u0435\u0433\u043a\u043e \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0447\u0435\u0440\u0435\u0437 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u044b\u0445 \u043a\u043e\u043f\u0438\u0438.\n\n\u0412 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u0432 VBR \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0431\u0430\u043d\u0434\u0430\u043c\u0438 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 Conti, BlackBasta \u0438 Cuba. \u0412 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u0435 2024 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b Frag \u0443\u043c\u0435\u043b\u043e \u043f\u0440\u0435\u043f\u0430\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0438 RCE \u0432 VBR, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0442\u0430\u043a\u0436\u0435 \u0444\u0438\u0433\u0443\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u00a0\u0432 \u0430\u0442\u0430\u043a\u0430\u0445 Akira \u0438 Fog,\u00a0\u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u044b\u0445 \u043f\u043e\u0437\u0436\u0435 \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 2024 \u0433\u043e\u0434\u0430.\n\n\u0418 \u043d\u0435 \u0443\u0434\u0438\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u0432\u0435\u0434\u044c \u043f\u0440\u043e\u0434\u0443\u043a\u0446\u0438\u0435\u0439 Veeam \u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0431\u043e\u043b\u0435\u0435 550 000 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 74% \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u0438\u0437 \u0441\u043f\u0438\u0441\u043a\u0430 Global 2000 \u0438 82% \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u0438\u0437 Fortune 500. \u0422\u0430\u043a \u0447\u0442\u043e \u0431\u0443\u0434\u0435\u043c \u0441\u043b\u0435\u0434\u0438\u0442\u044c \u0437\u0430 \u043d\u043e\u0432\u043e\u0439 \u043f\u0430\u0440\u0442\u0438\u0435\u0439 CVE.", "creation_timestamp": "2026-03-13T16:26:50.000000Z"}, {"uuid": "97478656-cd21-4864-9837-51b118aba1a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21666", "type": "exploited", "source": "https://t.me/true_secator/7993", "content": "Veeam Software \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0441\u0432\u043e\u0435\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0434\u043b\u044f \u0440\u0435\u0437\u0435\u0440\u0432\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0447\u0435\u0442\u044b\u0440\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 RCE.\n\nVeeam Backup & Replication - \u044d\u0442\u043e \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0435 \u041f\u041e \u0434\u043b\u044f \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u0418\u0422-\u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u043a\u043e\u043f\u0438\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u043b\u044f \u0431\u044b\u0441\u0442\u0440\u043e\u0433\u043e \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a \u0438 \u0441\u0431\u043e\u0435\u0432 \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\u0422\u0440\u0438 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (CVE-2026-21666, CVE-2026-21667 \u0438 CVE-2026-21669) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0434\u043e\u043c\u0435\u043d\u0430 \u0441 \u043d\u0438\u0437\u043a\u0438\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0430\u0442\u0430\u043a \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438.\n\n\u0427\u0435\u0442\u0432\u0435\u0440\u0442\u0430\u044f CVE-2026-21708 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 Backup Viewer \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f postgres.\n\nVeeam \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f EoP \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 Veeam Backup & Replication \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c Windows, \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 SSH \u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u043c\u0438 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u0432 \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0435 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u044b\u0445 \u043a\u043e\u043f\u0438\u0439.\n\n\u0412\u0441\u0435 \u043e\u043d\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0432 \u0445\u043e\u0434\u0435 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0433\u043e \u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b \u0447\u0435\u0440\u0435\u0437 HackerOne. \u0423\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 Veeam Backup & Replication 12.3.2.4465 \u0438 13.0.1.2067.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Veeam \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u041f\u041e \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0447\u0430\u0441\u0442\u043e \u043d\u0430\u0447\u0438\u043d\u0430\u044e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0432\u0441\u043a\u043e\u0440\u0435 \u043f\u043e\u0441\u043b\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439.\n\n\u0421\u0442\u043e\u0438\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e VBR \u0432\u0435\u0441\u044c\u043c\u0430 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u0435\u043d \u0441\u0440\u0435\u0434\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u044b\u0445 \u0443\u0441\u043b\u0443\u0433, \u0441\u0440\u0435\u0434\u043d\u0438\u0445 \u0438 \u043a\u0440\u0443\u043f\u043d\u044b\u0445 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u0439. \u0418 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u0432\u043e\u0441\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043d \u0441\u0440\u0435\u0434\u0438 \u043a\u0438\u0431\u0435\u0440\u043f\u043e\u0434\u043f\u043e\u043b\u044c\u044f, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0441\u043b\u0443\u0436\u0438\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u043e\u0439 \u0434\u043b\u044f \u0433\u043e\u0440\u0438\u0437\u043e\u043d\u0442\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u0432\u043d\u0443\u0442\u0440\u0438 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439, \u0443\u043f\u0440\u043e\u0449\u0430\u0435\u0442 \u043a\u0440\u0430\u0436\u0443 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u0435\u0433\u043a\u043e \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0447\u0435\u0440\u0435\u0437 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u044b\u0445 \u043a\u043e\u043f\u0438\u0438.\n\n\u0412 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u0432 VBR \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0431\u0430\u043d\u0434\u0430\u043c\u0438 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 Conti, BlackBasta \u0438 Cuba. \u0412 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u0435 2024 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b Frag \u0443\u043c\u0435\u043b\u043e \u043f\u0440\u0435\u043f\u0430\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0438 RCE \u0432 VBR, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0442\u0430\u043a\u0436\u0435 \u0444\u0438\u0433\u0443\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u00a0\u0432 \u0430\u0442\u0430\u043a\u0430\u0445 Akira \u0438 Fog,\u00a0\u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u044b\u0445 \u043f\u043e\u0437\u0436\u0435 \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 2024 \u0433\u043e\u0434\u0430.\n\n\u0418 \u043d\u0435 \u0443\u0434\u0438\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u0432\u0435\u0434\u044c \u043f\u0440\u043e\u0434\u0443\u043a\u0446\u0438\u0435\u0439 Veeam \u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0431\u043e\u043b\u0435\u0435 550 000 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 74% \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u0438\u0437 \u0441\u043f\u0438\u0441\u043a\u0430 Global 2000 \u0438 82% \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u0438\u0437 Fortune 500. \u0422\u0430\u043a \u0447\u0442\u043e \u0431\u0443\u0434\u0435\u043c \u0441\u043b\u0435\u0434\u0438\u0442\u044c \u0437\u0430 \u043d\u043e\u0432\u043e\u0439 \u043f\u0430\u0440\u0442\u0438\u0435\u0439 CVE.", "creation_timestamp": "2026-03-13T16:26:50.000000Z"}, {"uuid": "e566dd17-ee1e-41bc-9c39-7b6cd6a66be3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21667", "type": "exploited", "source": "https://t.me/true_secator/7993", "content": "Veeam Software \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0441\u0432\u043e\u0435\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0434\u043b\u044f \u0440\u0435\u0437\u0435\u0440\u0432\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0447\u0435\u0442\u044b\u0440\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 RCE.\n\nVeeam Backup & Replication - \u044d\u0442\u043e \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0435 \u041f\u041e \u0434\u043b\u044f \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u0418\u0422-\u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u043a\u043e\u043f\u0438\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u043b\u044f \u0431\u044b\u0441\u0442\u0440\u043e\u0433\u043e \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a \u0438 \u0441\u0431\u043e\u0435\u0432 \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\u0422\u0440\u0438 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (CVE-2026-21666, CVE-2026-21667 \u0438 CVE-2026-21669) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0434\u043e\u043c\u0435\u043d\u0430 \u0441 \u043d\u0438\u0437\u043a\u0438\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0430\u0442\u0430\u043a \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438.\n\n\u0427\u0435\u0442\u0432\u0435\u0440\u0442\u0430\u044f CVE-2026-21708 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 Backup Viewer \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f postgres.\n\nVeeam \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f EoP \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 Veeam Backup & Replication \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c Windows, \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 SSH \u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u043c\u0438 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u0432 \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0435 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u044b\u0445 \u043a\u043e\u043f\u0438\u0439.\n\n\u0412\u0441\u0435 \u043e\u043d\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0432 \u0445\u043e\u0434\u0435 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0433\u043e \u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b \u0447\u0435\u0440\u0435\u0437 HackerOne. \u0423\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 Veeam Backup & Replication 12.3.2.4465 \u0438 13.0.1.2067.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Veeam \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u041f\u041e \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0447\u0430\u0441\u0442\u043e \u043d\u0430\u0447\u0438\u043d\u0430\u044e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0432\u0441\u043a\u043e\u0440\u0435 \u043f\u043e\u0441\u043b\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439.\n\n\u0421\u0442\u043e\u0438\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e VBR \u0432\u0435\u0441\u044c\u043c\u0430 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u0435\u043d \u0441\u0440\u0435\u0434\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u044b\u0445 \u0443\u0441\u043b\u0443\u0433, \u0441\u0440\u0435\u0434\u043d\u0438\u0445 \u0438 \u043a\u0440\u0443\u043f\u043d\u044b\u0445 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u0439. \u0418 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u0432\u043e\u0441\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043d \u0441\u0440\u0435\u0434\u0438 \u043a\u0438\u0431\u0435\u0440\u043f\u043e\u0434\u043f\u043e\u043b\u044c\u044f, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0441\u043b\u0443\u0436\u0438\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u043e\u0439 \u0434\u043b\u044f \u0433\u043e\u0440\u0438\u0437\u043e\u043d\u0442\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u0432\u043d\u0443\u0442\u0440\u0438 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439, \u0443\u043f\u0440\u043e\u0449\u0430\u0435\u0442 \u043a\u0440\u0430\u0436\u0443 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u0435\u0433\u043a\u043e \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0447\u0435\u0440\u0435\u0437 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u044b\u0445 \u043a\u043e\u043f\u0438\u0438.\n\n\u0412 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u0432 VBR \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0431\u0430\u043d\u0434\u0430\u043c\u0438 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 Conti, BlackBasta \u0438 Cuba. \u0412 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u0435 2024 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b Frag \u0443\u043c\u0435\u043b\u043e \u043f\u0440\u0435\u043f\u0430\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0438 RCE \u0432 VBR, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0442\u0430\u043a\u0436\u0435 \u0444\u0438\u0433\u0443\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u00a0\u0432 \u0430\u0442\u0430\u043a\u0430\u0445 Akira \u0438 Fog,\u00a0\u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u044b\u0445 \u043f\u043e\u0437\u0436\u0435 \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 2024 \u0433\u043e\u0434\u0430.\n\n\u0418 \u043d\u0435 \u0443\u0434\u0438\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u0432\u0435\u0434\u044c \u043f\u0440\u043e\u0434\u0443\u043a\u0446\u0438\u0435\u0439 Veeam \u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0431\u043e\u043b\u0435\u0435 550 000 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 74% \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u0438\u0437 \u0441\u043f\u0438\u0441\u043a\u0430 Global 2000 \u0438 82% \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u0438\u0437 Fortune 500. \u0422\u0430\u043a \u0447\u0442\u043e \u0431\u0443\u0434\u0435\u043c \u0441\u043b\u0435\u0434\u0438\u0442\u044c \u0437\u0430 \u043d\u043e\u0432\u043e\u0439 \u043f\u0430\u0440\u0442\u0438\u0435\u0439 CVE.", "creation_timestamp": "2026-03-13T16:26:50.000000Z"}]}