Critical Vulnerability in Veeam Backup & Replication Could Allow Remote Code Execution


313/69 Thursday, June 11, 2026

Veeam has released a security update to address a critical vulnerability in its Veeam Backup & Replication software, an enterprise backup and recovery platform widely used by organizations. The vulnerability could allow an authenticated domain user to execute code remotely on a backup server, potentially enabling unauthorized access to and control of critical backup infrastructure. Given the central role of backup systems in enterprise environments, successful exploitation could have significant security implications.

The vulnerability, tracked as CVE-2026-44963, has been assigned a CVSS score of 9.4 and was discovered and reported by security researchers from watchTowr. The flaw affects Veeam Backup & Replication version 12.3.2.4465 and all earlier releases in the version 12 branch. According to Veeam, version 13 is not affected due to architectural changes introduced in the newer release. The issue has been fully addressed in Veeam Backup & Replication version 12.3.2.4854.

To mitigate the risk, organizations should immediately identify affected systems and upgrade Veeam Backup & Replication to the latest patched version. Prompt patching is particularly important given the history of similar vulnerabilities in backup and recovery products being exploited by ransomware operators. Notably, previous vulnerabilities disclosed in March 2026 were leveraged by cybercriminal groups as an initial access vector for ransomware attacks. Organizations are therefore strongly advised to prioritize remediation, review access controls for backup infrastructure, and monitor backup servers for signs of suspicious activity.
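The version boundaries above can be applied to an asset inventory to find servers that still need the upgrade. The following is an added example, not code from Veeam or the original article: the CSV layout, column names, hostnames and sample builds are constructed for illustration, and it assumes that any version 12 build numbered at or above 12.3.2.4854 contains the fix.

```python
import csv
import io

# Version boundaries taken from the advisory text above.
FIXED_BUILD = (12, 3, 2, 4854)
AFFECTED_BRANCH = 12
UNAFFECTED_BRANCH = 13

# Constructed sample inventory: hostnames and builds are made up for this example.
SAMPLE_INVENTORY = """host,vbr_version
vbr-hq-01,12.3.2.4465
vbr-dr-02,12.3.2.4854
vbr-lab-03,13.0.1.100
vbr-old-04,11.0.0.1
vbr-br-05,12.1
vbr-x-06,unknown
"""

def parse_build(text):
    """Return the version as a 4-tuple of ints, or None if it is not dotted-numeric."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad short versions: 12.1 -> 12.1.0.0

def classify(text):
    """Map a version string to a triage status for CVE-2026-44963."""
    build = parse_build(text)
    if build is None:
        return "unparseable"      # needs a manual check on the host
    if build[0] == AFFECTED_BRANCH:
        # Assumption: later builds in the 12 branch keep the fix.
        return "patched" if build >= FIXED_BUILD else "vulnerable"
    if build[0] == UNAFFECTED_BRANCH:
        return "not-affected"     # advisory: version 13 is not affected
    return "not-covered"          # advisory makes no statement about this branch

def triage(csv_text):
    """Return {host: status} for every row of the inventory CSV."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: classify(row["vbr_version"]) for row in reader}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Hosts reported as "unparseable" or "not-covered" should be checked by hand rather than treated as safe.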

Source: https://thehackernews.com/2026/06/veeam-backup-replication-rce-flaw-lets.html