July 3, 2026
CVE_2026_44963 Veeam RCE
CVE_2026_44963 Veeam Backup and Replication Authenticated RCE

By suce
Introduction
Every sysadmin is familiar with Veeam's enterprise backup solution, Veeam Backup & Replication. Unfortunately, so is attackers. Today, we're going to look at the latest vulnerability — CVE-2026–44963. This vulnerability was reported by Sina Kheirkhah @SinSinology of WatchTowr. Veeam advisory tells us that it affects version 12.3.2.4465 below and full patched at 12.3.2.4854. WatchTowr has already published 2 blog posts about previous RCEs, CVE-2024–40711 and CVE-2025–23120 which been a big help for understanding the .NET Remoting internals and .NET deserialization. Don't forget to check them out.
Let's start!