6 min read
By: RedLegg's Cyber Threat Intelligence Team
About:
CVE-2026-44963 is a critical remote code execution vulnerability affecting Veeam Backup & Replication.
The vulnerability impacts domain-joined backup servers running affected version 12 releases. Successful exploitation could allow attackers to execute arbitrary code within the backup environment, potentially leading to compromise of backup infrastructure, unauthorized access to backup repositories, disruption of recovery operations, and further lateral movement within enterprise environments.
Veeam has not reported active exploitation in the wild, but organizations should treat remediation as a high priority due to the critical severity and the sensitive nature of backup systems.
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Remote Code Execution Vulnerability in Veeam Backup & Replication
Identifier: CVE-2026-44963
PoC or Exploitation: Based on Veeam's advisory and public reporting, there are no confirmed reports of active exploitation in the wild and no validated public proof-of-concept exploit code.
CVSS Score: 9.4 (Critical, CVSS v4.0)
Update / Patch:
Veeam has released a security update addressing this vulnerability.
Affected versions include:
- Veeam Backup & Replication 12.3.2.4465
- All earlier version 12 builds
Affected condition:
- The vulnerability only impacts domain-joined backup servers.
Fixed version:
- Veeam Backup & Replication 12.3.2.4854
Not affected:
Veeam Backup & Replication 13.x builds
Vendor advisory and patch guidance:
Description:
CVE-2026-44963 is a critical remote code execution vulnerability affecting Veeam Backup & Replication.
Successful exploitation could allow attackers to execute arbitrary code within the backup environment, potentially leading to compromise of backup infrastructure, unauthorized access to backup repositories, disruption of recovery operations, and further lateral movement within enterprise environments.
Mitigation Recommendation:
Immediately upgrade affected Veeam Backup & Replication deployments to version 12.3.2.4854 or later.
Prioritize remediation of domain-joined backup servers, as these systems are specifically identified as vulnerable.
Review backup server logs, security events, and administrative activity for signs of unauthorized access or suspicious behavior.
Restrict administrative access to backup infrastructure and review permissions assigned to backup operators and service accounts.
Monitor backup infrastructure for indicators of compromise and investigate any anomalous activity involving backup services.
