Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers.
The vulnerability (tracked as CVE-2026-44963 and reported by WatchTowr security researcher Sina Kheirkhah) affects Veeam Backup & Replication (VBR) 12.3.2.4465 and all earlier version 12 builds, and was fixed in version 12.3.2.4854.
While any domain user with low privileges can exploit this vulnerability, the flaw only impacts Veeam Backup & Replication installations that are joined to a domain.
"A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," Veeam said in a Tuesday advisory. "This vulnerability does not affect any version 13.x build of Veeam Backup & Replication due to architectural changes starting in version 13."
Unfortunately, many companies have joined their Veeam servers to a Windows domain, ignoring Veeam's long-standing best practices.
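As an added example (not from Veeam or this article), the affected and fixed builds quoted above can drive a triage pass over a backup-server inventory. The CSV layout, hostnames, status labels and every build number other than 12.3.2.4465 and 12.3.2.4854 are assumptions; builds the article does not cover are flagged for manual verification, and a server whose domain membership is unknown is treated as domain-joined.

```python
import csv
import io

LAST_AFFECTED = (12, 3, 2, 4465)  # per the advisory: this build and earlier 12.x
FIRST_FIXED = (12, 3, 2, 4854)    # per the advisory: build containing the fix
PRIORITY = {"exposed": 0, "verify": 1, "patch-anyway": 2, "patched": 3, "not-affected": 3}

def parse_build(text):
    """Turn '12.3.2.4465' into a comparable tuple; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised build string: {text!r}")
    return tuple(int(p) for p in parts)

def classify(build, domain_joined):
    """domain_joined is 'yes' or 'no'; any other value is treated as unknown."""
    try:
        v = parse_build(build)
    except ValueError:
        return "verify"
    if v[0] >= 13:
        return "not-affected"      # 13.x is stated as unaffected
    if v[0] < 12 or LAST_AFFECTED < v < FIRST_FIXED:
        return "verify"            # the article does not cover these builds
    if v >= FIRST_FIXED:
        return "patched"
    # Affected 12.x build: only a confirmed non-domain server avoids this flaw.
    return "patch-anyway" if domain_joined.strip().lower() == "no" else "exposed"

def triage(inventory_csv):
    """Return (host, status) pairs, most urgent first."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    results = [(r["host"], classify(r["build"], r["domain_joined"])) for r in rows]
    return sorted(results, key=lambda hs: (PRIORITY[hs[1]], hs[0]))

# Constructed inventory: hostnames and all builds except the two advisory
# builds (12.3.2.4465 and 12.3.2.4854) are made up for illustration.
SAMPLE = """host,build,domain_joined
vbr-a,12.3.2.4465,yes
vbr-b,12.3.2.4854,yes
vbr-c,12.1.0.100,no
vbr-d,13.0.0.100,yes
vbr-e,12.3.2.4500,yes
vbr-f,12.2.0.100,
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host:8} {status}")
```

Servers marked `patch-anyway` run an affected build but are not domain-joined, so they fall outside the stated exposure for this flaw while still needing the update.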
While there are no reports of active exploitation, Veeam warned that attackers will often begin developing exploits as soon as patches are released.
"It's important to note that once a vulnerability and its associated patch are disclosed, attackers will likely attempt to reverse-engineer the patch to exploit unpatched deployments of Veeam software," the company added. "This reality underscores the critical importance of ensuring that all customers use the latest versions of our software and install all updates and patches without delay."
Often targeted in ransomware attacks
Ransomware gangs have told BleepingComputer in the past that they always target Veeam backup servers because this allows them to steal sensitive data, move within breached networks, and block restoration efforts by deleting victims' backups.
In recent years, the Cybersecurity and Infrastructure Security Agency (CISA) has flagged four Veeam Backup & Replication flaws as actively exploited in attacks, all of which have been abused by ransomware gangs.