CVE-2026-44963

Vulnerability

A critical vulnerability exists in Veeam Backup & Replication versions 12.3.2.4465 and all earlier version 12 builds, allowing for remote code execution on the Backup Server. This vulnerability does not affect version 13.x due to architectural changes. Unsupported product versions are also likely affected [1].

Exploitation

An attacker with authenticated domain user privileges can exploit this vulnerability remotely. The specific steps required for exploitation are not detailed in the available references, but the CVSS vector indicates a low attack complexity and no user interaction is needed [1].

Impact

Successful exploitation of this vulnerability grants an attacker the ability to execute remote code on the Backup Server. This can lead to a high impact on confidentiality, integrity, and availability, potentially resulting in a full compromise of the backup server and its data [1].

Mitigation

Veeam Backup & Replication 12.3.2.4854 resolves this vulnerability. Version 13.x is not affected. Customers are urged to update to the latest version to safeguard their systems. No workarounds are mentioned, and unsupported versions should be considered vulnerable [1].