Veeam Backup BinaryFormatter Flaw Enables Remote Code Execution
ID: 05d4378f-da84-5f03-b2d1-d996923c8bab
STIX ID: report--05d4378f-da84-5f03-b2d1-d996923c8bab
Feed Name: GBHackers
A deserialization vulnerability (CVE-2026-44963) in Veeam Backup & Replication enables authenticated low-privilege domain users to execute arbitrary commands as the Veeam Backup Service (typically SYSTEM) by abusing BinaryFormatter deserialization (DataSet → ObjectDataProvider gadget chain) over the .NET Remoting endpoint on TCP/8000; Veeam's 12.x fix simply updated a blacklist while 13.x removed the BinaryFormatter pipeline. Organizations running 12.x should patch immediately, limit access to TCP/8000, and consider workgroup deployment to reduce exposure.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
