RCE via Authenticated Domain User on Backup Server
CVE-2026-44963 Published on June 9, 2026

A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.

NVD

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2026-44963 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.

Affected Versions

Veeam Backup and Replication:

Before 12.3.2 is affected.

Exploit Probability

EPSS

0.89%

Percentile

54.53%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

RCE via Authenticated Domain User on Backup ServerCVE-2026-44963 Published on June 9, 2026

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

Affected Versions

Exploit Probability

RCE via Authenticated Domain User on Backup Server
CVE-2026-44963 Published on June 9, 2026