Mark0

New Veeam vulnerability exposes backup servers to RCE attacks

Veeam has released critical security updates to address a remote code execution (RCE) vulnerability, tracked as CVE-2026-44963, within its Backup & Replication (VBR) software. The flaw allows any low-privileged domain user to achieve RCE on VBR installations that are joined to a Windows domain. While architectural changes in version 13.x prevent this issue, all version 12 builds prior to 12.3.2.4854 remain vulnerable and require immediate patching.

Cybersecurity experts warn that Veeam servers are high-value targets for ransomware operations, including groups like Akira, Fog, and Frag, which frequently exploit such vulnerabilities to exfiltrate data and disrupt recovery efforts. Because many organizations continue to join backup servers to domains against long-standing best practices, this vulnerability presents a significant risk for lateral movement and data destruction within enterprise environments.
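
As an added example (not part of the original post or Veeam's tooling), the following triages a server inventory against the affected range stated above. The CSV layout, host names, sample builds and verdict labels are constructed assumptions; only the fixed build 12.3.2.4854 and the 13.x exemption come from the post.

```python
# Added example: triage VBR servers against the affected range in the post.
# The inventory rows are constructed sample data, not real hosts.
import csv
import io

FIXED_V12_BUILD = (12, 3, 2, 4854)  # first fixed version 12 build, per the post

SAMPLE_INVENTORY = """host,build,domain_joined
vbr-01,12.3.2.999,yes
vbr-02,12.3.2.4854,yes
vbr-03,12.1.0.100,no
vbr-04,13.0.0.1,yes
vbr-05,11.0.0.1,yes
vbr-06,unknown,yes
"""

def parse_build(text):
    """Return the build as a tuple of four ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    # Compare as integers: as strings, "999" would sort above "4854".
    return tuple(int(p) for p in parts)

def classify(build_text, domain_joined):
    build = parse_build(build_text)
    if build is None:
        return "REVIEW: build not parseable, check manually"
    if build[0] >= 13:
        return "OK: 13.x is not affected"
    if build[0] < 12:
        return "REVIEW: release line not covered by the post"
    if build >= FIXED_V12_BUILD:
        return "OK: fixed version 12 build"
    if domain_joined:
        return "VULNERABLE: below fixed build and domain-joined"
    return "PATCH: below fixed build, not domain-joined"

def triage(inventory_csv):
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["build"],
                                r["domain_joined"].strip().lower() == "yes")
            for r in rows}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {verdict}")
```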
