Critical RCE Vulnerability in Veeam Backup & Replication Exposes Enterprise Systems
A severe security flaw, tracked as CVE-2026-44963, has been disclosed in Veeam Backup & Replication, a widely used enterprise backup solution. The vulnerability, rated 9.4 (Critical) on the CVSS v4 scale, allows authenticated domain users to execute arbitrary code remotely on affected backup servers, significantly increasing the risk of compromise for organizations relying on Veeam for data protection.
Discovered by security researcher Sina Kheirkhah (@SinSinology) of WatchTowr, the flaw enables remote code execution (RCE) with minimal privileges any domain user can exploit it. The vulnerability only affects domain-joined backup servers, excluding workgroup configurations, which Veeam has previously noted as a more secure deployment option.
Affected Versions:
- Veeam Backup & Replication 12.x (all versions through 12.3.2.4465)
- Earlier 12.1, 12.2, and 12.3 releases (prior to build 4854)
- Unsupported versions (assumed vulnerable)
Unaffected Versions:
- Veeam Backup & Replication 13.x (due to architectural changes)
Veeam released a patch (12.3.2.4854) on June 9, 2026, urging immediate upgrades. Given the critical severity and low exploitation threshold, unpatched systems are at high risk of targeted attacks, particularly as threat actors reverse-engineer the fix. Backup servers are prime targets for ransomware operators, making rapid remediation essential for enterprise security teams.
Source: https://cybersecuritynews.com/veeam-vulnerability-rce-attacks/
Veeam TPRM report: https://www.rankiteo.com/company/veeam-software
"id": "vee1781029519",
"linkid": "veeam-software",
"type": "Vulnerability",
"date": "6/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'name': 'Veeam Backup & Replication users',
'type': 'Enterprise organizations'}],
'attack_vector': 'Authenticated domain user access',
'customer_advisories': 'Urgent advisory to upgrade to patched version '
'(12.3.2.4854).',
'date_publicly_disclosed': '2026-06-09',
'description': 'A severe security flaw, tracked as CVE-2026-44963, has been '
'disclosed in Veeam Backup & Replication, a widely used '
'enterprise backup solution. The vulnerability allows '
'authenticated domain users to execute arbitrary code remotely '
'on affected backup servers, significantly increasing the risk '
'of compromise for organizations relying on Veeam for data '
'protection.',
'impact': {'systems_affected': 'Backup servers'},
'post_incident_analysis': {'corrective_actions': 'Patch released '
'(12.3.2.4854) and '
'architectural changes in '
'version 13.x',
'root_causes': 'Critical RCE vulnerability '
'(CVE-2026-44963) in domain-joined '
'backup servers'},
'recommendations': 'Immediately upgrade to Veeam Backup & Replication '
'12.3.2.4854 or later. Consider workgroup configurations '
'for enhanced security.',
'references': [{'source': 'Sina Kheirkhah (@SinSinology) of WatchTowr'}],
'response': {'communication_strategy': 'Urgent advisory to upgrade',
'containment_measures': 'Patch released (12.3.2.4854)',
'remediation_measures': 'Immediate upgrade to patched version '
'(12.3.2.4854)'},
'title': 'Critical RCE Vulnerability in Veeam Backup & Replication Exposes '
'Enterprise Systems',
'type': 'Remote Code Execution (RCE)',
'vulnerability_exploited': 'CVE-2026-44963'}