Description
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
Published: 2026-06-09
Score: 9.4 Critical
EPSS: 2.0% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Veeam Backup and Replication enables an authenticated domain user to execute arbitrary code on the Backup Server. The vulnerability permits full control over the server, and from that description it follows that an attacker could compromise backup data and its integrity. The weakness is an instance of CWE-502, insecure deserialization, which can directly lead to remote code execution.

Affected Systems

The affected product is Veeam Backup and Replication. All installations of the Backup Server component are potentially impacted, as specific version information is not provided. The flaw requires the attacker to have domain credentials that allow them to connect to the Backup Server.

Risk and Exploitability

The CVSS score of 9.4 classifies this as Critical, indicating a severe threat. The EPSS score of 2% shows a low but nonzero likelihood of exploitation. The vulnerability is not presently listed in CISA KEV, implying no confirmed active exploitation at this time. Because the attack requires an authenticated domain user with access to the Backup Server, exposure is limited to holders of domain credentials, but the scenario remains high risk because complete server compromise is possible.

Generated by OpenCVE AI on June 24, 2026 at 12:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Veeam patch that addresses this RCE flaw; the update is documented in the Veeam knowledge base article referenced at https://www.veeam.com/kb4869
  • Restrict domain user access to the Backup Server by enforcing least‑privilege principles, allowing only essential users to authenticate
  • Enable detailed logging on the Backup Server and monitor for anomalous authentication or command‑execution patterns

Advisories

No advisories yet.

References
History

Wed, 24 Jun 2026 12:30:00 +0000

Type Values Removed Values Added
Title Authenticated Domain User Remote Code Execution in Veeam Backup Server

Wed, 24 Jun 2026 08:15:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Authenticated Domain User in Veeam Backup Server

Wed, 24 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Authenticated Domain User in Veeam Backup Server

Tue, 23 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title Domain User Remote Code Execution in Veeam Backup Server

Tue, 23 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Title Domain User Remote Code Execution in Veeam Backup Server

Wed, 10 Jun 2026 10:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 10 Jun 2026 02:45:00 +0000

Type Values Removed Values Added
First Time appeared: Veeam; Veeam backup And Replication
Vendors & Products: Veeam; Veeam backup And Replication

Tue, 09 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Description A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
Weaknesses CWE-502
References
Metrics cvssV4_0

{'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-06-10T10:04:13.073Z

Reserved: 2026-05-08T15:00:02.447Z

Link: CVE-2026-44963

Vulnrichment

Updated: 2026-06-10T10:04:08.136Z

NVD

Status : Awaiting Analysis

Published: 2026-06-09T23:16:52.617

Modified: 2026-06-10T20:58:14.500

Link: CVE-2026-44963

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T12:15:05Z

Weaknesses
  • CWE-502: Deserialization of Untrusted Data