top of page
ALL POSTS
Veeam Backup & Replication RCE Vulnerability Allows Domain Users to Execute Remote Code on Servers
Key Findings Critical remote code execution vulnerability (CVE-2026-44963, CVSS 9.4) in Veeam Backup & Replication allows authenticated domain users to execute arbitrary code on backup servers Affects all Veeam Backup & Replication version 12.x builds up to 12.3.2.4465 Patched in version 12.3.2.4854; version 13.x unaffected due to architectural changes Discovered by watchTowr researcher Sina Kheirkhah No known in-the-wild exploitation at this time, but attacks likely to follo
Jun 102 min read
Critical Security Updates: Privilege Escalation and Remote Code Execution Vulnerabilities Patched in OpenVPN Connect and Veeam
Key Findings Critical privilege escalation vulnerability (CVE-2026-9560, CVSS 9.4) in OpenVPN Connect for macOS allows local attackers to gain root access Affected versions 3.5.1 through 3.8.1 contain insecure local IPC handling in the privileged helper component Version 3.8.2 patches the vulnerability along with authentication and profile management bugs Enterprise deployments require immediate updates to secure corporate endpoints Multiple critical flaws discovered in Veeam
May 282 min read
Veeam Backup & Replication Patched against Critical RCE Vulnerabilities
Key Findings: Veeam has released security updates to address critical vulnerabilities in its Backup & Replication software, including a flaw with a CVSS score of 9.0 that could allow remote code execution (RCE). The most severe vulnerability, CVE-2025-59470 (CVSS 9.0), enables a Backup or Tape Operator to achieve RCE as the postgres user by sending a malicious interval or order parameter. Three other vulnerabilities, CVE-2025-55125 (CVSS 7.2), CVE-2025-59469 (CVSS 7.2), and C
Jan 72 min read
bottom of page
