World

Veeam patches critical Backup & Replication RCE vulnerability affecting domain-joined servers

AI-Generated Summary

2 sources

8 hours ago

1 views

Veeam patches critical Backup & Replication RCE vulnerability affecting domain-joined servers — Photo: The Hacker News

Key Points

Veeam releases security patches for a critical vulnerability in Backup & Replication.
The flaw is tracked as CVE-2026-44963.
The reported CVSS score is 9.4/10.0.
Exploitation can enable remote code execution on the Backup Server.
Veeam describes the attacker as an authenticated domain user and the target as domain-joined backup servers.

Veeam releases security updates to address a critical vulnerability in its Backup & Replication software that could allow remote code execution (RCE) on backup servers. Multiple outlets report that the issue is tracked as CVE-2026-44963 and is rated with a CVSS score of 9.4 out of 10.0. According to Veeam’s advisory language cited in the reports, the flaw can be exploited by an authenticated domain user to achieve RCE on a Backup Server when the server is domain-joined. The updates are intended to eliminate the risk by patching the affected components of Veeam Backup & Replication. The reports indicate the problem is serious because it involves code execution rather than denial of service or information disclosure, and because exploitation requires authenticated access within a domain environment. Organizations using Veeam Backup & Replication are advised to apply the released patches to mitigate potential exploitation.

How Outlets Covered This Story

THE

The Hacker News

Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code

Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," Veeam said in a Tuesday advisory. It

7 hours ago

BLE

Bleeping Computer

New Veeam vulnerability exposes backup servers to RCE attacks

Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. [...]

9 hours ago

Former Air Canada captain charged over alleged hundreds of flights without required licence

Canadian police charge a former Air Canada pilot with flying for years without the proper licence, according to multiple...

3 sources 11 hours ago

World

Nick Reiner asks court to unlock $1.5 million trust for his murder defense

Nick Reiner, the son of late filmmaker Rob Reiner and producer Michele Singer Reiner, asks a Los Angeles County court to...

8 sources 9 hours ago

World

Federal courts raise constitutional concerns over Alabama’s nitrogen gas execution method

Federal courts in the United States are challenging Alabama’s planned use of nitrogen gas for executions. A federal appe...

4 sources 22 hours ago

Story at a Glance

Sources reporting 2

Countries 1

First reported 8 hours ago

Last updated 5 hours ago

Total views 1

Source Spectrum

Story Timeline

2 updates

7 hours ago

Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code

The Hacker News

9 hours ago

New Veeam vulnerability exposes backup servers to RCE attacks

Bleeping Computer

Trending Now

Airlines cancel flights and add charges amid jet fuel price surge 2 sources · 153 views

House bill proposes $130 EV registration fee in bipartisan highway package 1 sources · 81 views

Passengers evacuated from MV Hondius after suspected hantavirus outbreak as quarantines begin 67 sources · 69 views

Ted Turner, CNN founder and media pioneer, dies at 87 68 sources · 62 views

Christiane Amanpour says she is concerned about Paramount Skydance’s potential CNN takeover 4 sources · 61 views

We use cookies

This website uses cookies in order to enhance the overall user experience.

Take a look at our Cookies Policy for more information.

Customize

Essential cookies

There are some cookies that we have to include in order for certain web pages to function. For this reason, they do not require your consent.

newsummcom_cookie_consent

1 year

Used to store the user's cookie consent preferences.
newsummcom-session

2 hours

Used to identify the user's browsing session.
XSRF-TOKEN

2 hours

Used to secure both the user and our website against cross-site request forgery attacks.

More details

Analytics cookies

We use these for internal research on how we can improve the service we provide for all our users. These cookies assess how you interact with our website.

_ga

1 year

Main cookie used by Google Analytics, enables a service to distinguish one visitor from another.
_ga_C4G3ZKSPLV

1 year

Used by Google Analytics to persist session state.
_gid

1 day

Used by Google Analytics to identify the user.
_gat

1 minute

Used by Google Analytics to throttle the request rate.

More details

Advertising

Cookies used by Google and its partners to deliver and measure advertisements. Set only with your consent.

__gads

1 year

Used by Google to measure ad interactions and prevent the same ads from being shown too often.
__gpi

1 year

Used by Google to store information about how you use the site and any other advertisement before visiting the site.
IDE

1 year

Set by Google DoubleClick to register and report a user's actions after viewing or clicking an advertisement, to measure ad effectiveness.

More details