CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 09, 2026

Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code

The Hacker News Archived Jun 09, 2026 ✓ Full text saved

Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," Veeam said in a Tuesday advisory. It

Full text archived locally
✦ AI Summary · Claude Sonnet


    Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code Ravie LakshmananJun 09, 2026Vulnerability / Backup Software Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," Veeam said in a Tuesday advisory. It credited watchTowr researcher Sina Kheirkhah for responsibly discovering and reporting the issue. It impacts Veeam Backup & Replication 12.3.2.4465 and all earlier versions of 12 builds. Veeam has noted that the vulnerability does not affect any version 13.x build of the backup software due to architectural changes introduced in version 13. The shortcoming has been addressed in Veeam Backup & Replication version 12.3.2.4854. In March 2026, Veeam resolved multiple critical vulnerabilities in Backup & Replication software that, if successfully exploited, could result in remote code execution. It's essential that users update to the latest version for optimal version, particularly given that prior vulnerabilities in the program have been exploited by bad actors, including ransomware groups. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  Backup software, cybersecurity, ransomware, remote code execution, Veeam, Vulnerability ⚡ Top Stories This Week One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479) New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy and Cloudflare Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors + 20 New Stories Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public ⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs ⭐ Featured Resources See How Agentic AI Cuts Your SOC Triage Time in Half [Get a Demo] Get the 2026 Guide to Govern and Secure Enterprise AI Agents at Scale [Guide] Transform Network Operations with Intelligent Workflows Catch 88% of Malware Threats in Under 60 Seconds with Live Sandbox Analysis
    💬 Team Notes
    Article Info
    Source
    The Hacker News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 09, 2026
    Archived
    Jun 09, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗