Veeam Patches Critical Remote Code Execution and Privilege Escalation Flaws

**Executive summary:** Veeam released urgent security updates for multiple critical vulnerabilities affecting its Service Provider Console, Windows Agent, and Linux Software Appliance—most notably CVE-2026-32998 (critical RCE, CVSS 9.4), plus local privilege escalation (CVE-2026-32996) and an arbitrary file write (CVE-2026-32997). Administrators should apply the fixed versions (e.g., 9.2.1.33875 and 13.0.2) immediately or apply the documented workaround (set AlarmManagement_ScriptExecution to false) to protect backup environments.