Security
Veeam CVE-2026-44963 patched; no active exploitation yet but ransomware risk high
- Category: Security
- Status: confirmed
- Sources: Veeam KB4696, WatchTowr analysis
- Summary: CVE-2026-44963 (CVSS v4 9.4) allows any authenticated domain user on a domain-joined Veeam Backup and Replication v12 server (up to 12.3.2.4465) to execute arbitrary code on the backup server. No admin privileges required. Patched in 12.3.2.4854 (released 2026-06-09). v13.x is not affected. No active exploitation confirmed as of 2026-06-12, but prior Veeam CVEs (CVE-2024-40711) were weaponized by Akira and Fog ransomware within weeks of disclosure.
- Why it matters: Backup servers are ransomware operators' highest-value lateral movement target; the low privilege bar for exploitation makes this a near-certain ransomware precursor without rapid patching.