logo

Veeam Backup BinaryFormatter Flaw Enables Remote Code Execution

ID: 05d4378f-da84-5f03-b2d1-d996923c8bab

STIX ID: report--05d4378f-da84-5f03-b2d1-d996923c8bab

Feed Name: GBHackers

Threat Score
80/100

Date Published: 2026-07-06

Date Updated: 2026-07-06

Author: Divya

...
...

A deserialization vulnerability (CVE-2026-44963) in Veeam Backup & Replication enables authenticated low-privilege domain users to execute arbitrary commands as the Veeam Backup Service (typically SYSTEM) by abusing BinaryFormatter deserialization (DataSet → ObjectDataProvider gadget chain) over the .NET Remoting endpoint on TCP/8000; Veeam's 12.x fix simply updated a blacklist while 13.x removed the BinaryFormatter pipeline. Organizations running 12.x should patch immediately, limit access to TCP/8000, and consider workgroup deployment to reduce exposure.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.