Veeam Releases Security Advisory for Critical Vulnerability in Backup & Replication

CVE‑2026‑44963 allows authenticated attackers to execute remote code on Veeam Backup & Replication servers.

Threat ID:: CC-4794
Threat Severity:: Medium
Published:: 9 June 2026 1:52 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

CVE‑2026‑44963 allows authenticated attackers to execute remote code on Veeam Backup & Replication servers.

Affected platforms

The following platforms are known to be affected:

Veeam Backup & Replication

All prior to 12.3.2.4854
End-of-life versions should be considered vulnerable

Note: Any version of 13.x build is unaffected.

Threat details

Introduction

Veeam has released a security advisory to address a critical vulnerability in Veeam Backup & Replication. Successful exploitation could allow a remote authenticated attacker with domain user privileges to execute remote code on affected backup servers.

CVE-2026-44963 - Remote code execution vulnerability - CVSSv4 Base Score: 9.4

Remediation advice

Affected organisations are encouraged to review Veeam advisory KB4869 and apply the relevant update as soon as possible.

Definitive source of threat updates

https://www.veeam.com/kb4869

CVE Vulnerabilities

Status Reserved

CVE-2026-44963

Last edited: 9 June 2026 1:52 pm