CVE-2026-44963
published 2026-06-09CVE-2026-44963: A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
PriorityP266critical9.4CVSS 4.0
AVNACLATNPRLUINVCHVIHVAHSCHSIHSAHEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
2.04%
78.7th percentile
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| veeam | backup_and_replication | < 12.3.2 | 12.3.2 |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2026-44963 is exploitable only on Veeam Backup & Replication servers that are joined to a Windows domain; scope detection efforts to domain-joined VBR instances running version 12 builds up to and including 12.3.2.4465 ↗
- →Any low-privileged authenticated domain user can trigger the RCE; monitor for unexpected process spawning or outbound connections originating from the Veeam Backup Service (VeeamBackupSvc) process on the backup server ↗
- →Patch-diffing of version 12.3.2.4854 against 12.3.2.4465 is expected to be used by attackers to develop exploits; prioritise detection of exploitation attempts against unpatched VBR 12.x deployments immediately after patch release ↗
- →Ransomware groups historically target Veeam backup servers to steal data, perform lateral movement, and delete backups; correlate RCE exploitation of CVE-2026-44963 with subsequent backup deletion or exfiltration activity ↗
- ·Vulnerability does NOT affect Veeam Backup & Replication version 13.x builds due to architectural changes; detection rules targeting this CVE should be scoped to version 12.x only ↗
- ·Exploitation requires the backup server to be domain-joined; standalone (workgroup) VBR deployments following Veeam best practices are not affected ↗
- ·No active exploitation has been reported at time of disclosure; however, threat actor development of exploits is anticipated post-patch ↗
- ·Fixed version is 12.3.2.4854; all version 12 builds at or below 12.3.2.4465 are vulnerable ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Hackernews
⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
blogs_hackernews·2026-06-15·CVSS 8.8
CVE-2026-11645 [HIGH] ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod.
This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten software keeps becoming someone else's entry point.
Scroll through the full Monday Cybersecurity Recap below for the news, tools, webinars, and fixes worth your time this week.
## ⚡ Threat of the Week
Google Patches Actively Exploited Chrome 0-Day - G
Hackernews
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
blogs_hackernews·2026-06-09·CVSS 9.4
CVE-2026-44963 [CRITICAL] Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution.
Tracked as CVE-2026-44963 , the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0.
"A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," Veeam said in a Tuesday advisory.
It credited watchTowr researcher Sina Kheirkhah for responsibly discovering and reporting the issue. It impacts Veeam Backup & Replication 12.3.2.4465 and all earlier versio
Bleepingcomputer
New Veeam vulnerability exposes backup servers to RCE attacks
blogs_bleepingcomputer·2026-06-09·CVSS 9.4
CVE-2026-44963 [CRITICAL] New Veeam vulnerability exposes backup servers to RCE attacks
## New Veeam vulnerability exposes backup servers to RCE attacks
## Sergiu Gatlan
Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers.
The vulnerability (tracked as CVE-2026-44963 and reported by WatchTowr security researcher Sina Kheirkhah) affects Veeam Backup & Replication (VBR) 12.3.2.4465 and all earlier version 12 builds, and was fixed in version 12.3.2.4854 .
While any domain user with low privileges can exploit this vulnerability, the flaw only impacts Veeam Backup & Replication installations that are joined to a domain.
"A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," Veeam said in a Tuesda
2026-06-09
Published