Cyber Resilience

CVE-2026-32997

High

Published: 28 May 2026

Modified: 29 May 2026
KEV Added
Patch
CVSS Score v4: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0051 (39.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-32997 is a high-severity Absolute Path Traversal (CWE-36) vulnerability in Veeam Backup (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Cron (T1053.003). The CVE ranks at the 39.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on a Linux-based Veeam Backup & Replication server.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1053.003 Cron (Execution)
Adversaries may abuse the cron utility to perform task scheduling for initial or recurring execution of malicious code.
T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
T1543.002 Systemd Service (Persistence)
Adversaries may create or modify systemd services to repeatedly execute malicious payloads as part of persistence.
Why these techniques?

An arbitrary file write via path traversal on a Linux server directly enables writing cron jobs, systemd services, or web shells for persistence or execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

Veeam Backup (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References