PatchSiren cyber security CVE debrief
CVE-2026-44963 Veeam CVE debrief
CVE-2026-44963 is a critical vulnerability with a CVSS score of 9.4, allowing remote code execution (RCE) on a Backup Server by an authenticated domain user. The vulnerability was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-44963) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-44963).
- Vendor
- Veeam
- Product
- Backup and Replication
- CVSS
- CRITICAL 9.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-10
Who should care
Administrators and users of Backup Servers, particularly those using Veeam products, should be aware of this vulnerability and take immediate action to mitigate the risk.
Technical summary
The vulnerability has a CVSS vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. It is classified under CWE-502.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by the vendor as soon as possible.
- Restrict access to the Backup Server to only necessary personnel.
- Monitor the Backup Server for suspicious activity.
Evidence notes
The vendor is identified as Unknown Vendor, but there is evidence suggesting the product may be related to Veeam.
Official resources
-
CVE-2026-44963 CVE record
CVE.org
-
CVE-2026-44963 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-44963 was published on 2026-06-09T23:16:52.617Z and last modified on 2026-06-10T20:58:14.500Z.