Critical RCE Flaw Patched in Veeam Backup & Replication Software
A critical remote code execution (RCE) vulnerability, tracked as **CVE-2026-44963**, has been discovered and patched in **Veeam Backup & Replication** software. The flaw, which carries a CVSS score of 9.4, could allow an authenticated domain user to execute arbitrary code on the Backup Server. Users are urged to update immediately to mitigate the risk.

**Veeam** has issued urgent security patches for its **Backup & Replication** software, addressing a severe vulnerability that could lead to remote code execution (RCE).
### The Vulnerability: CVE-2026-44963
The flaw, identified as **CVE-2026-44963**, has a CVSS score of 9.4 out of 10.0. According to **Veeam**'s advisory, this vulnerability enables an authenticated domain user to achieve RCE on the Backup Server.
Security researcher **Sina Kheirkhah** from **watchTowr** is credited with the responsible disclosure of this critical issue.
### Affected Versions and Patches
The vulnerability impacts **Veeam Backup & Replication** version 12.3.2.4465 and all earlier builds within the version 12 series. Notably, **Veeam** has confirmed that version 13.x builds of the software are not affected, thanks to significant architectural changes introduced in that iteration.
To remediate this threat, users must update their software to **Veeam Backup & Replication** version 12.3.2.4854.
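The following added example (not from Veeam or the original article) triages an inventory of Backup & Replication build strings against the version boundaries stated above. The function names, status labels, hostnames and sample inventory are assumptions made for illustration.

```python
from typing import Optional, Tuple

# Boundaries as stated in the article.
LAST_LISTED_VULNERABLE = (12, 3, 2, 4465)  # this build and earlier 12.x builds
FIXED_BUILD = (12, 3, 2, 4854)             # update target


def parse_build(text: str) -> Optional[Tuple[int, ...]]:
    """Parse 'a.b.c.d' into a tuple of four ints; None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(build_text: str) -> str:
    build = parse_build(build_text)
    if build is None:
        return "unknown"          # unparseable value: check the host by hand
    if build[0] == 13:
        return "not_affected"     # article: 13.x builds are not affected
    if build[0] != 12:
        return "out_of_scope"     # article makes no statement about other majors
    if build >= FIXED_BUILD:
        return "patched"
    if build <= LAST_LISTED_VULNERABLE:
        return "vulnerable"
    # Builds between the two boundaries are not described in the article;
    # flag them for the update rather than assuming they are safe.
    return "update_required"


def triage(inventory: dict) -> dict:
    """Return host -> status, with hosts needing action listed first."""
    rank = ["vulnerable", "update_required", "unknown",
            "out_of_scope", "patched", "not_affected"]
    rows = {host: classify(build) for host, build in inventory.items()}
    return dict(sorted(rows.items(), key=lambda kv: (rank.index(kv[1]), kv[0])))


# Constructed inventory: hostnames are made up, and every build other than
# the two named in the article is an invented sample value.
SAMPLE = {"vbr-01": "12.3.2.4465", "vbr-02": "12.3.2.4854",
          "vbr-03": "12.1.0.100", "vbr-04": "13.0.0.1", "vbr-05": "12.3.2"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {status}")
```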
### Prior Incidents and Importance of Updates
This isn't the first time **Veeam** has had to address critical vulnerabilities in its backup solutions. In March 2026, the company resolved multiple critical flaws in the same software that could also have led to remote code execution upon successful exploitation.
Given that previous vulnerabilities in **Veeam** products have been actively exploited by malicious actors, including ransomware groups, applying these patches promptly is paramount for maintaining data integrity and system security. Organizations are strongly advised to prioritize this update to safeguard their backup infrastructure.