Primary

Context

Veeam Service Provider Console Remote Code Execution Vulnerability

Vulnerability

Patched

A remote code execution vulnerability exists in Veeam Service Provider Console versions 9.1, 9.2, and 9.2.0.33215. This vulnerability arises from script execution within alarms, which can be exploited if the 'ScriptExecutionEnabled' setting is activated.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where Veeam Service Provider Console is installed.

Remediation

Users can upgrade to Veeam Service Provider Console version 9.2.1.33875 to address this vulnerability. If an immediate upgrade is not possible, the vulnerability can be mitigated by disabling script execution in the alarm management settings and restarting the Veeam Management Portal Service.

Added: May 28, 2026, 6:04 AM

Updated: May 28, 2026, 6:04 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Veeam Service Provider Console Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Veeam Service Provider Console

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating