Full Report
Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," Veeam said in a Tuesday advisory. It
Analysis Summary
# Vulnerability: Veeam Backup & Replication Remote Code Execution (RCE)
## CVE Details
- **CVE ID:** CVE-2026-44963
- **CVSS Score:** 9.4 (Critical)
- **CWE:** Not specified (typically associated with Improper Input Validation or Insecure Deserialization in this context)
## Affected Systems
- **Products:** Veeam Backup & Replication
- **Versions:** 12.3.2.4465 and all earlier builds of version 12.
- **Configurations:** Systems where the Backup Server is accessible to authenticated domain users.
## Vulnerability Description
CVE-2026-44963 is a critical vulnerability that allows an authenticated domain user to achieve Remote Code Execution (RCE) on the Backup Server. Under specific conditions, an attacker with valid domain credentials can send specially crafted requests to the backup software, bypassing security controls to execute arbitrary commands with high privileges on the server.
## Exploitation
- **Status:** Not currently reported as exploited in the wild; however, Veeam notes that previous vulnerabilities in this product have been heavily targeted by ransomware groups.
- **Complexity:** Low to Medium (Requires domain authentication).
- **Attack Vector:** Network (Authenticated).
## Impact
- **Confidentiality:** High (Full access to backup data and server files).
- **Integrity:** High (Ability to modify or delete backups and system configurations).
- **Availability:** High (Potential for total system compromise or ransomware encryption).
## Remediation
### Patches
- **Veeam Backup & Replication version 12.3.2.4854** addresses this flaw.
- **Note:** Version 13.x builds are **not affected** due to architectural changes.
### Workarounds
- No specific workarounds were provided; immediate patching is the recommended course of action.
- As a general security measure, follow the principle of least privilege by restricting domain user access to backup infrastructure.
## Detection
- **Indicators of Compromise:** Monitor for unusual service account activity or unexpected processes originating from the Veeam Backup service.
- **Detection methods and tools:** Audit Backup Server logs for connections from unauthorized domain users and review Windows Event Logs for suspicious command-line executions.
## References
- **Vendor Advisory:** hxxps[://]www[.]veeam[.]com/kb4869
- **Source Article:** hxxps[://]thehackernews[.]com/2026/06/veeam-backup-replication-rce-flaw-lets[.]html