CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 09, 2026

Critical Veeam Vulnerability Allows RCE Attacks on Backup Servers

Cybersecurity News Archived Jun 09, 2026 ✓ Full text saved

A critical security vulnerability has been disclosed in Veeam Backup & Replication, one of the most widely deployed enterprise backup solutions globally. Tracked as CVE-2026-44963, the flaw enables authenticated domain users to execute arbitrary code remotely on backup servers, posing severe risks to organizations relying on Veeam for data protection and recovery operations. The vulnerability […] The post Critical Veeam Vulnerability Allows RCE Attacks on Backup Servers appeared first on Cyber S

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News Critical Veeam Vulnerability Allows RCE Attacks on Backup Servers By Guru Baran June 9, 2026 A critical security vulnerability has been disclosed in Veeam Backup & Replication, one of the most widely deployed enterprise backup solutions globally. Tracked as CVE-2026-44963, the flaw enables authenticated domain users to execute arbitrary code remotely on backup servers, posing severe risks to organizations relying on Veeam for data protection and recovery operations. The vulnerability carries a CVSS v4 score of 9.4, placing it firmly in the critical severity tier. Discovered and reported by security researcher Sina Kheirkhah (@SinSinology) of WatchTowr, CVE-2026-44963 allows remote code execution (RCE) on the Backup Server by any authenticated domain user, a notably low privilege requirement that dramatically widens the attack surface. Veeam Vulnerability Allows RCE Attacks Crucially, this vulnerability only impacts domain-joined backup servers. Organizations running Veeam in a workgroup configuration rather than an Active Directory domain environment are not affected by this specific flaw. Veeam’s own security best practice guidance has long recommended evaluating workgroup versus domain configurations precisely because domain-joined deployments expand the potential attacker pool. The vulnerability affects Veeam Backup & Replication versions 12 through 12.3.2.4465, and all earlier versions of 12. This encompasses a wide range of deployments across the following major releases: Veeam Backup & Replication 12 Veeam Backup & Replication 12.1 Veeam Backup & Replication 12.2 Veeam Backup & Replication 12.3, 12.3.1, and 12.3.2 (prior to build 4854) Notably, Veeam Backup & Replication version 13.x is not affected due to architectural changes introduced in that release cycle. Unsupported product versions were not formally tested but should be assumed vulnerable. Veeam has addressed the vulnerability in Veeam Backup & Replication 12.3.2.4854, released June 9, 2026, and available via Veeam KB4696. Organizations should prioritize upgrading immediately. Veeam explicitly warned that once a vulnerability patch is publicly disclosed, threat actors routinely reverse-engineer the fix to develop exploits targeting unpatched systems. Given the critical CVSS score and the relatively low bar of “authenticated domain user” access needed to trigger RCE, exploitation attempts against unpatched deployments are highly probable in the near term. Upgrade to Veeam Backup & Replication 12.3.2.4854 immediately Audit whether backup servers are domain-joined and evaluate migrating to a workgroup configuration per Veeam’s security best practices Monitor for suspicious lateral movement or privilege escalation activity originating from backup infrastructure Review domain user access controls on all Veeam Backup Server instances Backup servers are high-value targets for ransomware operators, making rapid patching of CVE-2026-44963 a top remediation priority for enterprise security teams. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news vulnerability Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News Laravel CRLF Injection Vulnerability Enables an Attacker to Interfere with Outbound Email Processing New Linux Kernel Vulnerability Lets Attackers Escalate Privileges to Root Microsoft Defender Now Monitors RPC Protocol Abuse by Hackers UniFi OS Server Critical RCE Chain Allows Root Access Without Credentials How Threat Intelligence Feeds Help Automate SOCs to Reduce MTTR  Latest News Cyber Security News North Korea-Aligned Hackers Abuse GitHub Repositories to Infect Developers ANY.RUN How Threat Intelligence Feeds Help Automate SOCs to Reduce MTTR  Cyber Security Fortinet FortiSandbox Vulnerability Allows Attackers to Execute Unauthorized Commands Cyber Security SPF, DKIM, DMARC Passed. Malicious Link Passes Every Authentication Check, But CyberCheck360 Caught It Cyber Security Google Chrome 0-Day Vulnerability Exploited in the Wild — Update Now
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 09, 2026
    Archived
    Jun 09, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗