Back

Critical RCE Vulnerability in Veeam Backup & Replication Exposed

Severity: High (Score: 72.0)

Sources: Bleepingcomputer, www.cve.org, Digital.Nhs.Uk, www.veeam.com

Published: 2026-06-09 · Updated: 2026-06-09

Keywords: veeam, backup, replication, please, again, later, allows

Summary

Veeam has announced a critical vulnerability (CVE-2026-44963) affecting its Backup & Replication software, allowing authenticated domain users to execute remote code on backup servers. The flaw impacts versions 12.3.2.4465 and earlier, with a CVSS score of 9.4. Although no active exploitation has been reported, Veeam warns that attackers may develop exploits following the patch release. Organizations are urged to upgrade to version 12.3.2.4854 or later, as version 13.x is unaffected due to architectural changes. Veeam's products are widely used, with over 550,000 customers globally, including many Fortune 500 companies. The vulnerability highlights ongoing risks, as ransomware groups have previously targeted Veeam servers to disrupt recovery efforts. Security teams are advised to ensure all updates are applied promptly to mitigate risks. Key Points: • CVE-2026-44963 allows RCE on Veeam Backup & Replication servers by authenticated users. • The vulnerability affects versions 12.3.2.4465 and earlier, with a critical CVSS score of 9.4. • Organizations must upgrade to version 12.3.2.4854 or later to avoid exploitation risks.

Detailed Analysis

**Impact** Over 550,000 Veeam Backup & Replication customers worldwide are potentially affected, including 82% of Fortune 500 companies and 74% of Global 2000 firms. The vulnerability allows remote code execution on domain-joined backup servers, risking unauthorized access, data theft, lateral movement within networks, and disruption of backup and restoration processes. Sectors relying heavily on Veeam for backup operations, particularly those with domain-joined installations, face increased exposure to ransomware and data compromise. No specific geographic limitations were noted. **Technical Details** The vulnerability (CVE-2026-44963) permits remote code execution by any authenticated domain user on Veeam Backup & Replication versions 12.3.2.4465 and earlier 12.x builds. It does not affect any 13.x builds due to architectural changes. Attackers exploit this flaw post-authentication to execute code on backup servers, facilitating ransomware operations and network persistence. No specific malware or IOCs were detailed in the sources. **Recommended Response** Apply the security update in Veeam Backup & Replication version 12.3.2.4854 immediately to mitigate the vulnerability. Organizations should avoid joining Veeam servers to Windows domains per best practices and monitor for unusual domain user activity on backup servers. Harden access controls, implement immutable storage, and verify restore points to reduce ransomware impact. Monitor for exploitation attempts following public patch release.

Source articles (5)

  • CC-4794 - Veeam Releases Security Advisory for Critical Vulnerability in Backup & Replication — Digital.Nhs.Uk · 2026-06-09
    CVE‑2026‑44963 allows authenticated attackers to execute remote code on Veeam Backup & Replication servers. CVE‑2026‑44963 allows authenticated attackers to execute remote code on Veeam Backup & Repli…
  • Veeam Backup & Replication All prior to 12.3.2.4854 End-of-life versions should be considered vulnerable Note: Any version of 13.x build is unaffected. — www.veeam.com · 2026-06-09
    Malware often targets backups. Protect yours with immutable storage, verified restore points, and clear access controls to ensure resilience under pressure. of orgs experienced at least one malware in…
  • New Veeam vulnerability exposes backup servers to RCE attacks — Bleepingcomputer · 2026-06-09
    Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. The vulnerability…
  • Kb4869 — www.veeam.com · 2026-06-09
    Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest Oops! Something went wrong. Please, try again later. Please, try again later. All vulnerabilities docum…
  • Status Reserved CVE-2026-44963 — www.cve.org · 2026-06-09

Timeline

  • 2024-09-07 — CVE-2024-40711 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
  • 2026-06-09 — Veeam announces critical vulnerability: CVE-2026-44963 allows authenticated domain users to execute remote code on Veeam Backup & Replication servers.
  • 2026-06-09 — Veeam releases security advisory: Veeam advises users to update to version 12.3.2.4854 to mitigate the critical vulnerability.
  • Recent — Ransomware gangs target Veeam servers: Previous vulnerabilities in Veeam Backup & Replication have been exploited by ransomware groups to disrupt recovery efforts.

Related entities

  • Malware (Attack Type)
  • Ransomware (Attack Type)
  • Remote Code Execution (Attack Type)
  • Zero-day Exploit (Attack Type)
  • Veeam (Platform)
  • Veeam Backup & Replication (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed