- CVE: CVE-2026-44963
- CVSS: 9.4 (Critical · CVSSv4)
- Product: Veeam Backup and Replication
- Affected: < 12.3.2
- Impact: Remote Code Execution
- Status: No confirmed exploitation yet
- Patched in: 12.3.2
- EPSS: 2.0% (30-day)
- Action: Update to 12.3.2 now
TL;DR Summary
WatchTowr researchers disclosed a critical remote code execution flaw in Veeam Backup & Replication. The vulnerability, tracked as CVE-2026-44963, carries a severe CVSS score of 9.4. Consequently, it allows an authenticated domain user to run arbitrary code on the backup server.
Why This Matters
Veeam Backup & Replication protects critical data for large enterprises and managed service providers. Ransomware groups frequently target these backup servers first. Consequently, attackers use compromised systems for fast lateral movement across networks. Furthermore, they steal sensitive data directly from the storage. Ultimately, threat actors delete existing backups to block recovery efforts and force ransom payments.
Mechanism of Attack
Specifically, an authenticated domain user sends crafted requests to the target backup server. The vulnerable application processes these specific requests without proper input validation. Therefore, this specific failure allows the attacker to execute arbitrary commands remotely on the host machine.
Affected Versions
This security flaw impacts Veeam Backup & Replication version 12.3.2.4465 and all earlier version 12 builds. Version 13.x builds remain completely safe due to major architectural changes. Additionally, unsupported older product versions likely contain the same dangerous vulnerability.
Patch and Mitigation Steps
Veeam resolved these issues starting with build 12.3.2.4854. Administrators must deploy this update immediately to secure their networks. Review the official security guidance directly in the Veeam knowledge base article.
Exploitation Status
Currently, no confirmed exploitation of CVE-2026-44963 exists in the wild. However, financially motivated groups like FIN7 and Cuba previously exploited older Veeam flaws, such as CVE-2023-27532. Therefore, proactive patching remains critical.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.