Skip to main content

Service Provider Console from version 9.0 how to upgrade to 9.2.0.33215 and fix CVE-2026-32998

  • June 9, 2026
  • 1 comment
  • 45 views
Link State
Forum|alt.badge.img+12

In today’s threat landscape, backup and management platforms have become prime targets for cyberattacks, particularly in multi-tenant service provider environments. Ensuring the security and integrity of these systems is no longer optional—it is a critical operational requirement.

Recently, a critical vulnerability (CVE-2026-32998) with a CVSS v3.1 score of 9.4 has been identified in Veeam Service Provider Console (VSPC) version 9 builds. This vulnerability can potentially allow remote code execution (RCE) through specific features such as alarm script execution, exposing service providers to severe risks including unauthorized access, system compromise, and lateral movement across managed infrastructures. [community.veeam.com]

All versions prior to VSPC 9.2.1.33875, including 9.0.0.29860, are affected, making it imperative for organizations to take immediate action. [community.veeam.com]

This guide is designed to provide a clear and practical walkthrough on how to safely upgrade Veeam Service Provider Console from version 9.0 (build 9.0.0.29860) to build 9.2.1.33875, the version that addresses this vulnerability. In addition to step-by-step upgrade instructions, it also highlights key considerations, prerequisites, and best practices to ensure a smooth transition and minimize operational risks.

By following this guide, service providers can not only remediate a critical security issue but also strengthen the overall resilience of their backup management infrastructure.

 

check: Veeam Service Provider Console 9 Builds - Severity: Critical CVSS v3.1 Score: 9.4 | Veeam Community Resource Hub

 

KB4853: Vulnerability Resolved in Veeam Service Provider Console 9.2.1

Affected Versions

The following versions are affected:

  • All VSPC versions prior to 9.2.1.33875
  • All 9.09.1, and earlier builds
  • Version 9.2.0.33215 may be vulnerable only if alarm script execution has been explicitly enabled.

 

Remember step upgrade:

9.0.0.29860

9.1.0.30713 https://www.veeam.com/products/downloads/latest-version.html?tab=previous

9.2.1.33875

  • Snapshot Vm
  • Backup database
  •  Mount VeeamServiceProviderConsole_9.1.0.30713_20251203.iso
  • Check version VSCP
Run setup
After Reboot the installation automatically open
Upgrade completed
Check version from WebUI
Now mount last iso for patch vuln
VeeamServiceProviderConsole_9.2.1.33875_20260522.iso
Same process to update

Enjoy

Veeam: VMCA | VMCE | VMXP | Veeam Legend - Microsoft: MVP | MCITP | MCP | MCSA | 2008 R2 | 2012R2 | 2016 | MCSE Core Infrastructure | MCSE Cloud Platform - Azure: AZ900 | AZ104| AZ500|AZ305 - AWS Cloud Practitioner - VMWare: VCP-DCV Vsphere 7.x - Cisco: CCNA (Expired) | ‪@linkstate.bsky.social‬

    1 comment

    Chris.Childerhose
    Forum|alt.badge.img+22

    Great article ​@Link State 

    Thankfully, I have already updated to this release as I am moving the database over to new architecture.

    Chris Childerhose (Enterprise Architect) - VMCE+ | VMCA | VMCE | VMCE-SP | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 7* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV/VCP-VVF | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
      Terms & ConditionsAccessibility statement