• Category: Security
  • Status: confirmed
  • Sources: Veeam KB4696, Security Affairs
  • Summary: Veeam patched CVE-2026-44963 (CVSS v4 9.4) in Veeam Backup and Replication 12.3.2.4854, released 2026-06-09 via KB4696. Any authenticated Active Directory domain user on a domain-joined backup server can exploit the flaw to execute arbitrary code on that server. All v12 builds through 12.3.2.4465 are affected; version 13.x is not affected due to architectural changes introduced in that major version. No exploitation was observed at time of disclosure.
  • Why it matters: Backup servers are primary ransomware targets; domain-joined Veeam v12 deployments should apply KB4696 immediately or isolate backup servers from Active Directory if patching must be delayed.

Send feedback on this story