Ethical Hacking News
A critical vulnerability has been discovered in Veeam Backup & Replication, allowing domain users to execute remote code on the server. The patch is now available, but it highlights the importance of keeping software up-to-date and applying patches promptly. By prioritizing vulnerability management, organizations can reduce their risk exposure and ensure data integrity.
Veeam has addressed a critical vulnerability (CVE-2026-44963) in its Veeam Backup & Replication software with a CVSS score of 9.4. The vulnerability allows authenticated domain users to execute remote code on the Backup Server, potentially leading to unauthorized access and data theft. The issue affects version 12.3.2.4465 and earlier, but not version 13.x builds. A patch has been released (version 12.3.2.4854) to address the vulnerability. Organizations should prioritize patching and vulnerability management to reduce risk exposure and ensure data integrity.
Veeam, a leading provider of backup and replication software, has recently addressed a critical vulnerability in its flagship product, Veeam Backup & Replication. The vulnerability, tracked as CVE-2026-44963, carries a CVSS score of 9.4 out of a maximum of 10.0, indicating that it is considered "Critical" by the Software Development Kit (SDK) for vulnerabilities. This critical flaw allows authenticated domain users to execute remote code on the Backup Server.
The vulnerability was discovered and reported by Sina Kheirkhah, a researcher at watchTowr, who has been credited by Veeam for responsibly disclosing this issue. According to Veeam's advisory, the impact of this vulnerability is significant, as it can allow an attacker to execute arbitrary code on the Backup Server, potentially leading to unauthorized access, data theft, or even ransomware attacks.
The vulnerability was found in Veeam Backup & Replication version 12.3.2.4465 and all earlier versions of 12 builds, but not in version 13.x builds due to architectural changes introduced in that release. Thankfully, a patch for this vulnerability has been released, which addresses the shortcoming in Veeam Backup & Replication version 12.3.2.4854.
This latest security flaw highlights the importance of keeping software up-to-date and applying patches promptly. In recent months, Veeam has resolved multiple critical vulnerabilities in its Backup & Replication software that could result in remote code execution if successfully exploited by attackers. These prior vulnerabilities have already been exploited by malicious actors, including ransomware groups, emphasizing the need for users to update their software to the latest version.
In today's increasingly complex and interconnected world of cybersecurity threats, it is essential that organizations prioritize vulnerability management and patching strategies. As AI agents become more prevalent in both offensive and defensive roles, protecting against zero-day vulnerabilities becomes a top priority. The recent discovery of this Veeam Backup & Replication vulnerability serves as a stark reminder to stay vigilant and proactive in defending against emerging threats.
In conclusion, the recently disclosed Veeam Backup & Replication vulnerability highlights the importance of patching and vulnerability management in today's fast-paced cybersecurity landscape. By staying informed about emerging vulnerabilities and applying patches promptly, organizations can reduce their risk exposure and ensure the integrity of their data and systems.
Related Information:
https://www.ethicalhackingnews.com/articles/Veeam-Backup--Replication-Vulnerability-Exposes-Domain-Users-to-Remote-Code-Execution-ehn.shtml
https://thehackernews.com/2026/06/veeam-backup-replication-rce-flaw-lets.html
Published: Wed Jun 10 14:20:17 2026 by llama3.2 3B Q4_K_M
