Veeam released fixes for a critical flaw in its Backup & Replication software that could let a low-privilege domain user take over a backup server. The issue, CVE-2026-44963, affects Veeam Backup & Replication 12.3.2.4465 and all earlier version 12 builds when the backup server is joined to a Windows domain; it was fixed in version 12.3.2.4854, and Veeam says version 13.x is not affected due to architectural changes.
Why it matters: Backup servers are high-value targets because attackers and ransomware gangs use them to steal data and destroy recovery options. Organizations running affected Veeam versions should update immediately and review whether backup servers are unnecessarily joined to a domain.
info@thehackernews.com (The Hacker News)
2026.06.09
99% relevant
This article appears to report the same Veeam Backup & Replication remote-code-execution issue, centered on CVE-2026-44963 and its impact on domain-joined environments, adding another source covering the same vendor patch and risk details.
Sergiu Gatlan
2026.06.09
100% relevant
This article establishes a new story around Veeam's disclosure and patching of CVE-2026-44963, a newly reported critical RCE flaw affecting domain-joined Veeam Backup & Replication servers.
← Back to all stories