CVE-2026-44963 – Veeam Backup and Replication
CVSS 9.4
CRITICAL
Critical or Zero Day – Immediate Deployment
“Backup systems are trusted assets, which makes remote code execution vulnerabilities especially dangerous.”
Veeam patched CVE-2026-44963 in Backup and Replication. This deserialization vulnerability (CWE-502) allows remote code execution on the Backup Server by an authenticated domain user. The CVSS score is 9.4, which is Critical severity.
Successful exploitation could allow an attacker to execute arbitrary code on the Backup Server, potentially compromising backup operations and the broader environment. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.
Key Details
- CWE Classification
- CWE-502
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.