Threat Advisory

Veeam Backup Vulnerability Allows Remote Code Execution

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:

CVE-2026-44963, with a CVSS score of 9.4, is a remote code execution vulnerability affecting Veeam Backup & Replication servers that are domain‑joined and running version 12.3.2.4465 or any earlier 12.x build. The flaw resides in the authentication module, where an authenticated domain user can submit specially crafted requests to the backup service’s management API, causing the server to deserialize untrusted data and execute arbitrary commands with SYSTEM privileges. Exploitation requires only valid domain credentials and network access to the backup server’s HTTP interface; no additional privileges or client‑side interaction are needed. Once triggered, the attacker can deploy malicious binaries, alter backup configurations, exfiltrate protected data, or disable backup jobs, effectively compromising the organization’s data recovery capability. The business impact includes loss of data integrity, potential ransomware deployment, and prolonged downtime for critical services that rely on backup restoration, leading to financial loss and reputational damage. Exploitation is limited to environments where the backup server is joined to an Active Directory domain; isolated workgroup deployments remain unaffected.

RECOMMENDATION:

  • We recommend updating Veeam Backup & Replication to version 12.3.2.4854.
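
To prioritise patching across several backup servers, the affected-version and domain-join conditions stated in this advisory can be applied to an inventory export. The Python script below is an added example, not part of the original advisory or of any Veeam tooling; the CSV layout, host names, status labels and sample rows are constructed assumptions.

```python
# Added example: fleet triage against the advisory's stated conditions.
# Inventory rows are constructed sample data, not real hosts.
import csv
import io

LAST_AFFECTED = (12, 3, 2, 4465)  # advisory: this build or any earlier 12.x
FIXED_BUILD = (12, 3, 2, 4854)    # advisory: recommended update target

SAMPLE_INVENTORY = """host,vbr_version,domain_joined
vbr-hq-01,12.3.2.4465,true
vbr-hq-02,12.3.2.4854,true
vbr-lab-01,12.1.0.1000,false
vbr-dr-01,12.3.2.4600,true
vbr-old-01,12.0.0.1000,true
vbr-bad-01,unknown,true
"""

def parse_version(text):
    """Return a 4-int tuple, or None when the string is not a.b.c.d."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text, domain_joined):
    """Map one server to a triage status using only the advisory's criteria."""
    version = parse_version(version_text)
    if version is None or version[0] != 12:
        return "REVIEW: version unreadable or not a 12.x build"
    if version >= FIXED_BUILD:
        return "OK: at or above fixed build"
    if version > LAST_AFFECTED:
        return "REVIEW: build between last affected and fixed"
    if not domain_joined:
        return "UNAFFECTED PER ADVISORY: workgroup host"
    return "AFFECTED: domain-joined, update required"

def triage(inventory_csv):
    """Return {host: status} for a host,vbr_version,domain_joined CSV."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["vbr_version"],
                                r["domain_joined"].strip().lower() == "true")
            for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Builds that fall between 12.3.2.4465 and 12.3.2.4854, or outside 12.x, are flagged for manual review because the advisory does not classify them.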

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/veeam-backup-vulnerability-rce/