New Veeam Vulnerability Exposes Backup Servers to RCE Attacks

Veeam Backup & Replication has a critical RCE vulnerability (CVE-2026-44963, CVSS 9.4) that allows authenticated domain users to execute code as SYSTEM on domain-joined backup servers, creating a severe ransomware-enablement risk by enabling deletion or encryption of backups; organizations should apply Veeam's patches immediately, isolate backup servers if necessary, audit service account permissions, and implement immutability and air-gapped backups.