Critical Veeam RCE flaw Lets Low-Privilege Users Take Over Backup Servers
Publish Date: 2026-06-09 12:51:20
Source Domain: securityaffairs.com
Veeam has patched a critical remote code execution (RCE) vulnerability in its Backup & Replication software that allows low-privileged domain users to execute code on backup servers joined to an Active Directory domain, potentially leading to complete system compromise. The flaw affects Veeam Backup & Replication 12.x and is fixed in version 12.3.2.4854; version 13.x is unaffected because of its different architecture. Discovered and reported by researcher Sina Kheirkhah, the vulnerability (tracked as CVE-2026-44963 with a CVSS v4 score of 9.4) underscores the need for organizations to update to the fixed version promptly, before it is exploited. Although Veeam is not aware of exploitation in the wild, attacks typically follow soon after a patch is published, which highlights the importance of keeping every software deployment continuously up to date.
Key Points:
- Veeam patched a critical remote code execution (RCE) vulnerability in Backup & Replication 12.x, allowing low-privileged users to execute code on backup servers.
- The issue does not affect version 13.x of Veeam Backup & Replication due to a different architecture.
- The vulnerability is tracked as CVE-2026-44963 and carries a CVSS v4 score of 9.4.
- Although no active in-the-wild exploits are reported, threat actors are expected to exploit it soon after patch release.
- Immediate patching is crucial to prevent potential attacks by ransomware and extortion groups that often target backup servers.