=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN606
_____________________________________________________________________

DATE                : 09/06/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Veeam Backup & Replication
                       versions prior to 12.3.2.4854.

=====================================================================
https://www.veeam.com/kb4869
_____________________________________________________________________


Vulnerability Resolved in Veeam Backup & Replication 12.3.2.4854
KB ID:         4869
Product:       Veeam Backup & Replication | 12 | 12.1 | 12.2 | 12.3
               | 12.3.1 | 12.3.2
Published:     2026-06-09
Last Modified: 2026-06-09


All vulnerabilities documented in this article were resolved in
Veeam Backup & Replication 12.3.2.4854.

This vulnerability does not affect any version 13.x build of
Veeam Backup & Replication due to architectural changes starting
in version 13.


Veeam Software Security Commitment
Veeam® is committed to ensuring its products protect customers
from potential risks. As part of that commitment, we operate a
Vulnerability Disclosure Program (VDP) for all Veeam products
and perform extensive internal code audits. When a vulnerability
is identified, our team promptly develops a patch to address and
mitigate the risk. In line with our dedication to transparency,
we publicly disclose the vulnerability and provide detailed
mitigation information. This approach ensures that all
potentially affected customers can quickly implement the
necessary measures to safeguard their systems. It’s important
to note that once a vulnerability and its associated patch are
disclosed, attackers will likely attempt to reverse-engineer
the patch to exploit unpatched deployments of Veeam software.
This reality underscores the critical importance of ensuring
that all customers use the latest versions of our software and
install all updates and patches without delay.


Issue Details

All vulnerabilities disclosed in this article affect
Veeam Backup & Replication 12.3.2.4465 and all earlier
version 12 builds.

This vulnerability does not affect any version 13.x build of
Veeam Backup & Replication due to architectural changes
starting in version 13.

Note: Unsupported product versions are not tested, but are
likely affected and should be considered vulnerable.


CVE-2026-44963

A vulnerability allowing remote code execution (RCE) on the
Backup Server by an authenticated domain user.

Severity: Critical
CVSS v4 Score: 9.4
Source: Reported by Sina Kheirkhah [@SinSinology] of WatchTowr.
Note: This vulnerability only impacts domain-joined backup servers.


Solution

These vulnerabilities were fixed starting with the following build:

    Veeam Backup & Replication 12.3.2.4854
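
The triage rules stated in this advisory (fixed build, 13.x unaffected, unsupported versions treated as vulnerable, exposure limited to domain-joined servers), applied to a server inventory. This is an added example, not code from Veeam or CERT-Renater; the function names, host names and sample build strings are constructed, and treating any major version below 12 as "unsupported" is an assumption.

```python
# Added example: classify backup servers against the rules in this advisory.
FIXED_BUILD = (12, 3, 2, 4854)  # first fixed build, from the advisory

def parse_build(text):
    """Return 'a.b.c.d' as a 4-tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(build, domain_joined):
    """Return (status, exposed) for one server.

    exposed is True only when the build lacks the fix AND the server is
    domain-joined, the precondition the advisory gives for CVE-2026-44963.
    """
    v = parse_build(build)
    if v is None or v[0] > 13:
        return ("unknown", False)        # not covered by the advisory: check by hand
    if v[0] == 13:
        return ("not-affected", False)   # 13.x is stated as unaffected
    if v >= FIXED_BUILD:
        return ("fixed", False)
    # Assumption: major versions below 12 are the "unsupported" case.
    status = "affected" if v[0] == 12 else "unsupported"
    return (status, bool(domain_joined))

def report(inventory):
    """Triage every (host, build, domain_joined) row, exposed servers first."""
    rows = [(host, build) + triage(build, joined) for host, build, joined in inventory]
    return sorted(rows, key=lambda r: (not r[3], r[0]))

# Constructed sample inventory: host names are made up, and so are all build
# strings except 12.3.2.4465 and 12.3.2.4854, which come from the advisory.
SAMPLE = [
    ("bkp-a.example.test", "12.3.2.4465", True),
    ("bkp-b.example.test", "12.3.2.4854", True),
    ("bkp-c.example.test", "12.1.0.1000", False),
    ("bkp-d.example.test", "13.0.0.1", True),
    ("bkp-e.example.test", "11.0.0.1", True),
    ("bkp-f.example.test", "12.3.2", True),   # malformed: three fields only
]

if __name__ == "__main__":
    for host, build, status, exposed in report(SAMPLE):
        print(f"{host:20} {build:14} {status:13} exposed={exposed}")
```

A 12.x server that is not domain-joined still reports "affected": it lacks the fix, but does not meet the precondition the advisory gives for this CVE.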



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




