Comprehensive data protection for all workloads
Post Reply
matsusan
Influencer
Posts: 24
Liked: 3 times
Joined: Feb 26, 2026 8:55 pm
Full Name: ryoma matsuyama
Contact:
Contact matsusan

OpenSSL Vulnerabilities (June 2026) and Veeam Component Compatibility

Post by matsusan »

I would like to ask if current Veeam environment is affected by the recently released OpenSSL vulnerabilities,
and how we should address them if they are.

Here is our environment configuration and the list of CVEs we are concerned about.

Environment Details

Code: Select all

    Component				Veeam Build / Install Type         OpenSSL Version
      Backup Server			Build: 13.0.1.180			3.0.8
      Proxy Server			Installed from Backup Server		3.0.8
     (Hyper-V Host)	
      Veeam Agent for Linux		Installed from Backup Server		3.0.0
      Veeam Agent for Microsoft Windows	Installed from Backup Server		3.0.8

Concerned OpenSSL CVEs (Released on June 9, 2026)

Code: Select all

      No.	CVE-ID
      1		CVE-2026-34180
      2		CVE-2026-34183
      3		CVE-2026-42764
      4		CVE-2026-42765
      5		CVE-2026-42766
      6		CVE-2026-35188
      7		CVE-2026-45447

Questions
1. Are the Veeam components using the OpenSSL versions listed above affected by these CVEs?
2. If they are affected, what are the recommended steps, patches, or workarounds to mitigate these vulnerabilities?

Thanks,
Ryoma
Top
Mildur
Product Manager
Posts: 11913
Liked: 3380 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:
Contact Mildur

Re: OpenSSL Vulnerabilities (June 2026) and Veeam Component Compatibility

Post by Mildur »

Hi Ryoma,

Our security team has reviewed the OpenSSL June CVEs and confirmed we’re not using the affected components. Furthermore some of the CVEs you mentioned impact OpenSSL builds we don’t use in our products.

Our upcoming minor update (v13.1) will include a newer OpenSSL version. A manual workaround or update for OpenSSL isn’t possible.

Best,
Fabian
Product Management Analyst @ Veeam Software
Top
matsusan
Influencer
Posts: 24
Liked: 3 times
Joined: Feb 26, 2026 8:55 pm
Full Name: ryoma matsuyama
Contact:
Contact matsusan

Re: OpenSSL Vulnerabilities (June 2026) and Veeam Component Compatibility

Post by matsusan »

Thank you for your response.

We would like to ask a quick follow-up question to clarify our security assessment.

According to the official OpenSSL advisories, versions 3.0.0 and 3.0.8 are listed as affected by CVE-2026-34180, CVE-2026-42766, and CVE-2026-45447 (https://openssl-library.org/news/vulnerabilities/).

In our environment (Build 13.0.1.180), we found these versions in the following installation folders:

- Windows (Backup Server, Proxy, and Agent)
Path: C:\Program Files\Common Files\Veeam\OpenSSL3\x64\openssl.exe <- v3.0.8
- Linux (Agent)
Path: /opt/veeam/openssl3/ <- v3.0.0

Although these files are present in the directories, does this mean they are not actually affected by these vulnerabilities?

Thanks,
Ryoma
Top
Post Reply

Return to “Veeam Backup & Replication”



Who is online

Users browsing this forum: No registered users and 593 guests