Veeam has issued crucial updates to rectify a significant security vulnerability in its Backup & Replication software, which posed a risk of remote code execution. Identified as CVE-2026-44963, this flaw has been assigned a high severity rating with a CVSS score of 9.4 out of 10, underscoring the urgency for users to apply the patch.
Details of the Security Flaw
This vulnerability permits an authenticated domain user to execute code remotely on the Backup Server. Veeam disclosed this vulnerability in a recent advisory released on Tuesday. The company acknowledged Sina Kheirkhah, a researcher from watchTowr, for the responsible discovery and reporting of the issue.
All builds of Veeam Backup & Replication version 12.3.2.4465 and earlier are affected. However, the newer architectural changes in version 13.x have safeguarded these builds from this specific vulnerability.
Patch Availability and Recommendations
To mitigate the risk, Veeam has resolved the issue in version 12.3.2.4854 of the Backup & Replication software. Users are strongly recommended to update to this latest version to protect their systems from potential exploitation.
This update is part of Veeam’s ongoing efforts to enhance security. In March 2026, the company had also addressed multiple critical vulnerabilities that could lead to remote code execution if exploited.
Importance of Timely Updates
Keeping software up-to-date is essential for maintaining security integrity, especially since past vulnerabilities in Veeam’s software have been targets for cybercriminals, including ransomware groups. Prompt application of security patches helps prevent unauthorized access and potential data breaches.
As cyber threats evolve, users must remain vigilant and proactive in applying software updates to protect their digital assets. Veeam’s consistent patch releases serve as a reminder of the dynamic nature of cybersecurity challenges.
