Critical Veeam Vulnerability Allows RCE Attacks on Backup Servers
By Guru Baran
June 9, 2026
A critical security vulnerability has been disclosed in Veeam Backup & Replication, one of the most widely deployed enterprise backup solutions globally.
Tracked as CVE-2026-44963, the flaw enables authenticated domain users to execute arbitrary code remotely on backup servers, posing severe risks to organizations relying on Veeam for data protection and recovery operations.
The vulnerability carries a CVSS v4 score of 9.4, placing it firmly in the critical severity tier. Discovered and reported by security researcher Sina Kheirkhah (@SinSinology) of WatchTowr, CVE-2026-44963 allows remote code execution (RCE) on the Backup Server by any authenticated domain user, a notably low privilege requirement that dramatically widens the attack surface.
Veeam Vulnerability Allows RCE Attacks
Crucially, this vulnerability only impacts domain-joined backup servers. Organizations running Veeam in a workgroup configuration rather than an Active Directory domain environment are not affected by this specific flaw.
Veeam’s own security best practice guidance has long recommended evaluating workgroup versus domain configurations precisely because domain-joined deployments expand the potential attacker pool.
The vulnerability affects Veeam Backup & Replication versions 12 through 12.3.2.4465, and all earlier versions of 12. This encompasses a wide range of deployments across the following major releases:
Veeam Backup & Replication 12
Veeam Backup & Replication 12.1
Veeam Backup & Replication 12.2
Veeam Backup & Replication 12.3, 12.3.1, and 12.3.2 (prior to build 4854)
Notably, Veeam Backup & Replication version 13.x is not affected due to architectural changes introduced in that release cycle. Unsupported product versions were not formally tested but should be assumed vulnerable.
Veeam has addressed the vulnerability in Veeam Backup & Replication 12.3.2.4854, released June 9, 2026, and available via Veeam KB4696. Organizations should prioritize upgrading immediately.
Veeam explicitly warned that once a vulnerability patch is publicly disclosed, threat actors routinely reverse-engineer the fix to develop exploits targeting unpatched systems.
Given the critical CVSS score and the relatively low bar of “authenticated domain user” access needed to trigger RCE, exploitation attempts against unpatched deployments are highly probable in the near term.
Upgrade to Veeam Backup & Replication 12.3.2.4854 immediately
Audit whether backup servers are domain-joined and evaluate migrating to a workgroup configuration per Veeam’s security best practices
Monitor for suspicious lateral movement or privilege escalation activity originating from backup infrastructure
Review domain user access controls on all Veeam Backup Server instances
Backup servers are high-value targets for ransomware operators, making rapid patching of CVE-2026-44963 a top remediation priority for enterprise security teams.
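The affected-version and domain-join criteria above can be applied to an asset inventory to order the patching work. The sketch below is an added example, not code from the article or from Veeam; the inventory records, host names and all build strings other than 12.3.2.4465 and 12.3.2.4854 are constructed, and treating every release below 12 as the "unsupported, assume vulnerable" bucket is an assumption.

```python
from dataclasses import dataclass

FIXED_BUILD = (12, 3, 2, 4854)  # fixed release named in the article (KB4696)

@dataclass
class BackupServer:
    host: str            # constructed inventory field
    build: str           # four-part product build, e.g. "12.3.2.4465"
    domain_joined: bool  # True if the server is an Active Directory member

def parse_build(build: str) -> tuple:
    """Turn '12.3.2.4465' into (12, 3, 2, 4465); short strings are zero-padded."""
    parts = [int(p) for p in build.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected build string: {build!r}")
    return tuple(parts + [0] * (4 - len(parts)))

def triage(server: BackupServer) -> str:
    """Classify one server against the article's criteria for CVE-2026-44963."""
    version = parse_build(server.build)
    if version[0] >= 13:
        return "not affected (13.x)"
    if version[0] < 12:
        # Assumption: releases below 12 are the untested, unsupported ones.
        return "assume vulnerable (unsupported release)"
    if version >= FIXED_BUILD:
        return "patched"
    if not server.domain_joined:
        return "not exposed to this flaw (workgroup)"
    return "vulnerable: upgrade to 12.3.2.4854"

def report(inventory: list) -> dict:
    """Map each host to its triage result."""
    return {s.host: triage(s) for s in inventory}

# Constructed sample inventory.
SAMPLE = [
    BackupServer("vbr-dc1", "12.3.2.4465", True),
    BackupServer("vbr-dc2", "12.3.2.4854", True),
    BackupServer("vbr-wg1", "12.1.0.0", False),
    BackupServer("vbr-new", "13.0.0.0", True),
    BackupServer("vbr-old", "11.0.0.0", True),
]

if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(f"{host:10} {status}")
```
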