Vulnerability Management

Veeam releases security update for critical backup server vulnerability

Coverage from Bleeping Computer indicates that Veeam has released security updates to address a critical vulnerability in its Backup & Replication software. This flaw, if exploited, could allow an authenticated domain user to achieve remote code execution on domain-joined backup servers.

The vulnerability, tracked as CVE-2026-44963, affects Veeam Backup & Replication (VBR) versions 12.3.2.4465 and earlier, with the fix available in version 12.3.2.4854. While Veeam's best practice is to avoid joining backup servers to a Windows domain, many organizations have done so. This makes them susceptible to exploitation by low-privilege domain users. Although there are no current reports of active exploitation, Veeam warns that attackers often develop exploits once patches are disclosed. Ransomware gangs frequently target Veeam backup servers to steal data, move laterally within networks, and delete backups to hinder recovery.

The Cybersecurity and Infrastructure Security Agency (CISA) has previously flagged four VBR flaws as actively exploited, often by ransomware groups such as Akira, Fog, and Frag. The FIN7 threat group and the Cuba ransomware gang have also been linked to attacks exploiting VBR vulnerabilities. Veeam's software is widely used, with over 550,000 customers globally, including a significant percentage of Fortune 500 and Global 2000 companies.

Source: Bleeping Computer
