Remote Code Execution Vulnerability in Veeam Backup Server
CVE-2026-44963

9.4CRITICAL

Key Information:

Vendor

Veeam
Status
Backup And Replication
Vendor
CVE Published:
9 June 2026

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoCπŸ“° News Worthy

What is CVE-2026-44963?

A vulnerability exists in the Veeam Backup Server that allows authenticated domain users to execute arbitrary code remotely. This could lead to unauthorized access and control over sensitive data, compromising the integrity and security of the server. Users are advised to take immediate action by applying the recommended patches to mitigate the risk.

Affected Version(s)

Backup and Replication 0 < 12.3.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-44963
Created by HORKimhab

News Articles

favicon imageThe Hacker News

Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code

Veeam fixes CVE-2026-44963 RCE in 12 builds, blocking authenticated domain users from attacking backup servers.

3 weeks ago

References

https://www.veeam.com/kb4869

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved

.