Critical Security Advisory – Veeam Backup & Replication Vulnerability (CVE-2026-44963)

We'd like to make you aware of a critical security vulnerability (CVSS 9.4) that has recently been identified in Veeam Backup & Replication v12. This vulnerability could allow an authenticated domain user to execute remote code on affected backup servers.

Summary of the Vulnerabilities:

• CVE-2026-44963 – A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
• Important: This vulnerability only impacts domain-joined backup servers.
• Full Veeam article can be found here.

What’s Affected:

• Veeam Backup & Replication | 12 | 12.1 | 12.2 | 12.3 | 12.3.1 | 12.3.2 (builds 12.3.2.4465 and earlier)
• Version 13.x builds are not affected due to architectural changes introduced in version 13.
• Unsupported older versions have not been tested but are likely affected and should be considered vulnerable.
• The update process will not impact users.

Recommended Action:
We strongly encourage reviewing your environment to identify if you are running an affected version. The vulnerability has been resolved in Veeam Backup & Replication 12.3.2.4854, and we recommend updating to this build as soon as possible to reduce exposure. Once a vulnerability and its patch are publicly disclosed, attackers commonly attempt to reverse-engineer the fix to target unpatched deployments — so prompt patching matters here.