Veeam patches critical backup software flaw that could allow remote code execution

Veeam has released a patch for a critical flaw in its Backup & Replication software that could let an authenticated domain user run code remotely on a backup server. The vulnerability, tracked as CVE-2026-44963, carries a CVSS score of 9.4.

KEY FACTS

  • Severity: The flaw is rated 9.4 out of 10.
  • Affected versions: Backup & Replication 12.3.2.4465 and earlier 12.x builds are impacted.
  • Fixed version: Veeam Backup & Replication 12.3.2.4854 addresses the issue.
  • Unaffected builds: Version 13.x is not affected because of architectural changes.
  • Discovery: watchTowr researcher Sina Kheirkhah reported the issue.

In a Tuesday advisory, Veeam said the bug could allow remote code execution on the Backup Server by an authenticated domain user. The company said the problem affects only certain 12.x releases and does not affect version 13.x builds.

The disclosure said the issue has been corrected in version 12.3.2.4854. Veeam also said the flaw was responsibly reported by watchTowr researcher Sina Kheirkhah.

Veeam said the vulnerability stems from a condition that can lead to code execution on the backup server. The company did not say whether it had seen active exploitation.

In March 2026, the company fixed multiple other critical Backup & Replication flaws that could also have allowed remote code execution.

WHY IT MATTERS

Backup software is a high-value target because it can hold sensitive data and recovery systems. Users running affected versions are being urged to update, especially after prior flaws in the product were linked to abuse by ransomware groups.