-
TYamamoto
- Novice
- Posts: 6
- Liked: never
- Joined: Jan 14, 2026 2:47 am
- Full Name: Tetsuo Yamamoto
- Contact:
[V13]Vulnerable version of PostgreSQL bundled with VSA v13
Dear Veeam R&D Team,
I hope you are doing well.
We would like to inquire about the version of PostgreSQL bundled with the Veeam v13 Software Appliance.
Recently, several PostgreSQL vulnerabilities have been reported with the following CVE IDs:
* CVE-2025-8713
* CVE-2025-8714
* CVE-2025-8715
* CVE-2026-2003
* CVE-2026-2004
* CVE-2026-2005
* CVE-2026-2006
According to the PostgreSQL advisory, the affected versions are PostgreSQL 14 through 18, and the issues are fixed in the following versions:
* 14.21
* 15.16
* 16.12
* 17.8
* 18.2
We checked the PostgreSQL version included in the **Veeam v13 Software Appliance** using Veeam Intelligence, and it appears to be:
`PostgreSQL 17.6 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 11.5.0 20240719 (Red Hat 11.5.0-5), 64-bit`
Since version **17.6** seems to fall within the vulnerable range, we would like to confirm the following:
1. Is Veeam aware of this vulnerability affecting the PostgreSQL version bundled with the v13 Software Appliance?
2. Are there plans to update the embedded PostgreSQL version to **17.8 or later** in a future update or patch of the v13 Software Appliance?
The appliance is currently updated to the latest version via the built-in updater, but the PostgreSQL version does not appear to have been updated.
We would appreciate your guidance on this matter.
Best regards,
Tetsuo
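The comparison made in the post above (a 17.6 banner against the fixed release 17.8), generalized to every branch in the post's list. This is an added example, not part of the original thread and not Veeam or PostgreSQL code. The host names, the sample inventory and the handling of pre-release builds are assumptions.

```python
import re

# Fixed minor release for each affected major branch, as listed in the post.
FIXED_MINOR = {14: 21, 15: 16, 16: 12, 17: 8, 18: 2}

# Start of a `SELECT version()` banner, e.g. "PostgreSQL 17.6 on x86_64-...".
# Pre-release builds carry a tag instead of a minor number ("18beta1").
BANNER_RE = re.compile(r"^PostgreSQL (\d+)(?:\.(\d+))?([a-z]+\d*)?")


def parse_banner(banner):
    """Return (major, minor, prerelease_tag) from a version() banner."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        raise ValueError(f"not a PostgreSQL version banner: {banner!r}")
    major = int(m.group(1))
    minor = int(m.group(2)) if m.group(2) is not None else None
    return major, minor, m.group(3)


def classify(banner):
    """Return 'fixed', 'vulnerable' or 'not-listed' for one banner."""
    major, minor, tag = parse_banner(banner)
    fixed = FIXED_MINOR.get(major)
    if fixed is None:
        # Branch outside the 14-18 range named in the post (this includes
        # 9.x banners, which parse as major 9); the list says nothing here.
        return "not-listed"
    if tag is not None or minor is None:
        # Assumption: a beta/rc/devel build predates the fixed minor release.
        return "vulnerable"
    return "fixed" if minor >= fixed else "vulnerable"


def hosts_needing_update(inventory):
    """Return the hosts whose banner is below the fixed minor release."""
    return sorted(h for h, b in inventory.items() if classify(b) == "vulnerable")


# Constructed inventory: host names are made up; the first banner is the one
# quoted in the post, the others are constructed variants.
SAMPLE = {
    "vsa-01": "PostgreSQL 17.6 on x86_64-pc-linux-gnu, compiled by gcc (GCC) "
              "11.5.0 20240719 (Red Hat 11.5.0-5), 64-bit",
    "db-02": "PostgreSQL 17.8 on x86_64-pc-linux-gnu, 64-bit",
    "db-03": "PostgreSQL 13.23 on x86_64-pc-linux-gnu, 64-bit",
    "lab-04": "PostgreSQL 18beta1 on x86_64-pc-linux-gnu, 64-bit",
}
```

A `not-listed` result only means the branch is absent from the list in the post; it is not a statement that the build is unaffected.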
-
vnikiforov
- Product Manager
- Posts: 61
- Liked: 18 times
- Joined: Aug 17, 2022 5:03 am
- Full Name: Vladimir Nikiforov
- Location: Romania
- Contact:
Re: [V13]Vulnerable version of PostgreSQL bundled with VSA v13
Hello, Tetsuo,
Let me check internally and I will return with the answer.
---
BR,
Vladimir
Veeam Software
-
HannesK
- Product Manager
- Posts: 16014
- Liked: 3619 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: [V13]Vulnerable version of PostgreSQL bundled with VSA v13
Hello,
yes, we are aware and working on a solution.
Best regards
Hannes
-
TYamamoto
- Novice
- Posts: 6
- Liked: never
- Joined: Jan 14, 2026 2:47 am
- Full Name: Tetsuo Yamamoto
- Contact:
Re: [V13]Vulnerable version of PostgreSQL bundled with VSA v13
Hello,
An update (version 13.0.1.2067) was released on March 12, as described in the following KB article:
https://www.veeam.com/kb4738
Could you please confirm whether this update addresses the PostgreSQL vulnerability CVE-2026-2006 affecting the PostgreSQL version bundled with the Veeam Software Appliance (VSA) v13?
Thank you in advance for your clarification.
Best regards.
Tetsuo
-
HannesK
- Product Manager
- Posts: 16014
- Liked: 3619 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: [V13]Vulnerable version of PostgreSQL bundled with VSA v13
Hello,
the updates from yesterday are for Veeam software components. Not for Postgres.
Best regards
Hannes