The Hacker NewsArchived Jun 09, 2026✓ Full text saved
Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," Veeam said in a Tuesday advisory. It
Full text archived locally
✦ AI Summary· Claude Sonnet
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
Ravie LakshmananJun 09, 2026Vulnerability / Backup Software
Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution.
Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0.
"A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," Veeam said in a Tuesday advisory.
It credited watchTowr researcher Sina Kheirkhah for responsibly discovering and reporting the issue. It impacts Veeam Backup & Replication 12.3.2.4465 and all earlier versions of 12 builds.
Veeam has noted that the vulnerability does not affect any version 13.x build of the backup software due to architectural changes introduced in version 13.
The shortcoming has been addressed in Veeam Backup & Replication version 12.3.2.4854.
In March 2026, Veeam resolved multiple critical vulnerabilities in Backup & Replication software that, if successfully exploited, could result in remote code execution.
It's essential that users update to the latest version for optimal version, particularly given that prior vulnerabilities in the program have been exploited by bad actors, including ransomware groups.
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
SHARE
Tweet
Share
Share
SHARE
Backup software, cybersecurity, ransomware, remote code execution, Veeam, Vulnerability
⚡ Top Stories This Week
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy and Cloudflare
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors + 20 New Stories
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
⭐ Featured Resources
See How Agentic AI Cuts Your SOC Triage Time in Half [Get a Demo]
Get the 2026 Guide to Govern and Secure Enterprise AI Agents at Scale
[Guide] Transform Network Operations with Intelligent Workflows
Catch 88% of Malware Threats in Under 60 Seconds with Live Sandbox Analysis