Veeam Backup & Replication domain-joined backup server RCE flaw (CVE-2026-44963)
Vulnerability
Summary
Hide ▲
Show ▼
The CVE-2026-44963 flaw in Veeam Backup & Replication exposes domain-joined backup servers to remote code execution until admins move to 12.3.2.4854. The issue affects VBR 12.3.2.4465 and earlier version 12 builds, creating elevated risk for backup infrastructure that is joined to a Windows domain.
Related Happenings
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector Action
First: 04.02.2026 07:50
Last: 04.02.2026 07:50
Sources 1
About this happening:
**CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector ActionAbout this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
Timeline
-
09.06.2026 17:27 2 articles · 2h ago
Veeam patches CVE-2026-44963 in Backup & Replication
Mitigation Patch UpdateVeeam releases security updates for CVE-2026-44963, a critical Backup & Replication flaw that can let an authenticated domain user gain remote code execution on domain-joined backup servers. The issue affects VBR 12.3.2.4465 and earlier version 12 builds, while 12.3.2.4854 fixes it and version 13.x is not affected. Veeam said there are no reports of active exploitation yet.
Show sources
- New Veeam vulnerability exposes backup servers to RCE attacks — www.bleepingcomputer.com — 09.06.2026 17:27
- New Veeam vulnerability exposes backup servers to RCE attacks — www.bleepingcomputer.com — 09.06.2026 17:27