• Category: Security
  • Status: confirmed
  • Sources: Veeam KB4696, WatchTowr analysis
  • Summary: CVE-2026-44963 (CVSS v4 9.4) allows any authenticated domain user on a domain-joined Veeam Backup and Replication v12 server (up to 12.3.2.4465) to execute arbitrary code on the backup server. No admin privileges required. Patched in 12.3.2.4854 (released 2026-06-09). v13.x is not affected. No active exploitation confirmed as of 2026-06-12, but prior Veeam CVEs (CVE-2024-40711) were weaponized by Akira and Fog ransomware within weeks of disclosure.
  • Why it matters: Backup servers are ransomware operators' highest-value lateral movement target; the low privilege bar for exploitation makes this a near-certain ransomware precursor without rapid patching.

Send feedback on this story