top of page
ALL POSTS
Critical RCE Vulnerabilities in Backup and CMS Infrastructure: Unauthenticated Exploits in Kopia and TYPO3
Key Findings Critical unauthenticated remote code execution flaw in Kopia backup server HTTP implementation tracked as CVE-2026-45695 with CVSS score of 9.8 Vulnerability stems from improper command argument parsing in SSH backend handling without input validation or quote handling Attack exploits SSH ProxyCommand injection via the /api/v1/repo/exists endpoint when server runs with --without-password flag Requires only single HTTP request with no user interaction to achieve f
May 242 min read
Veeam Backup & Replication Patched against Critical RCE Vulnerabilities
Key Findings: Veeam has released security updates to address critical vulnerabilities in its Backup & Replication software, including a flaw with a CVSS score of 9.0 that could allow remote code execution (RCE). The most severe vulnerability, CVE-2025-59470 (CVSS 9.0), enables a Backup or Tape Operator to achieve RCE as the postgres user by sending a malicious interval or order parameter. Three other vulnerabilities, CVE-2025-55125 (CVSS 7.2), CVE-2025-59469 (CVSS 7.2), and C
Jan 72 min read
bottom of page
