{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21670", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2026-01-02T15:00:02.871Z", "datePublished": "2026-03-12T15:09:39.200Z", "dateUpdated": "2026-03-12T15:34:25.911Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "A vulnerability allowing a low-privileged user to extract saved SSH credentials."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Veeam", "product": "Backup and Replication", "versions": [{"version": "13.0.1", "status": "affected", "lessThan": "13.0.1", "versionType": "semver"}]}], "references": [{"url": "https://www.veeam.com/kb4831"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "baseScore": 7.7, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-03-12T15:09:39.200Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T15:32:35.171553Z", "id": "CVE-2026-21670", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T15:34:25.911Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21670", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-12T15:32:35.171553Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T15:34:20.910Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}}], "affected": [{"vendor": "Veeam", "product": "Backup and Replication", "versions": [{"status": "affected", "version": "13.0.1", "lessThan": "13.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.veeam.com/kb4831"}], "descriptions": [{"lang": "en", "value": "A vulnerability allowing a low-privileged user to extract saved SSH credentials."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-03-12T15:09:39.200Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21670", "state": "PUBLISHED", "dateUpdated": "2026-03-12T15:34:25.911Z", "dateReserved": "2026-01-02T15:00:02.871Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2026-03-12T15:09:39.200Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability allowing a low-privileged user to extract saved SSH credentials."}], "id": "CVE-2026-21670", "lastModified": "2026-03-12T21:07:53.427", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2026-03-12T15:16:13.510", "references": [{"source": "support@hackerone.com", "url": "https://www.veeam.com/kb4831"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[13.0.1,13.0.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Backup and Replication", "source": "cna", "vendor": "Veeam"}, "product": "backup_and_replication", "vendor": "veeam"}], "analysis": {"en": {"generated_at": "2026-03-26T04:17:55.177196+00:00", "value": {"mitigation_remediation": ["Verify whether your Veeam Backup and Replication installation is affected by reviewing the product version and configuration.", "Apply the official patch or upgrade to the latest version that removes the local credential extraction flaw.", "Restrict low\u2011privileged user rights, ensuring they cannot read the SSH credential store.", "Enable auditing and monitoring of credential access attempts within Veeam to detect unauthorized reads."], "summary": {"action": "Patch Now", "impact": "Credential Theft"}, "threat_synthesis": {"affected_systems": "The vulnerability affects installations of Veeam Backup and Replication. No specific product versions are listed; any deployment that stores SSH keys in a location accessible to low\u2011privileged users is potentially susceptible.", "description_and_impact": "A flaw in Veeam Backup and Replication permits a local user with limited privileges to read stored SSH credentials. The likely impact includes potential unauthorized remote access to servers where these credentials are valid, which could compromise confidentiality and allow an attacker to elevate privileges on those systems.", "risk_and_exploitability": "The CVSS score of 7.7 categorizes the flaw as high severity. An EPSS score of less than 1\u202f% indicates a low likelihood of widespread public exploitation, and the vulnerability is not listed in CISA\u2019s KEV catalog. Based on the description, it is inferred that the attacker must have local low\u2011privileged access to the Veeam host; no remote exploitation is documented, reducing the immediate threat but not eliminating the risk of credential theft."}}}}, "created": "2026-03-13T09:53:05.891627+00:00", "updated": "2026-03-26T13:55:50.838451+00:00", "vendors": ["veeam", "veeam$PRODUCT$backup_and_replication"]}