Skip to main content

AOMEI Dynamic Disk Manager CVE-2026-12779

| EUVDEUVD-2026-38144 HIGH
Improper Access Control (CWE-284)
2026-06-21 VulDB GHSA-xmv6-8rvm-ww7w
7.1
CVSS 4.0 · Vendor: VulDB
Share

Severity by source

Vendor (VulDB) PRIMARY
7.1 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.8 HIGH

Local-only kernel driver IOCTL abuse from any standard user account (AV:L, PR:L, AC:L, UI:N) yields full SYSTEM compromise, giving high C/I/A within an unchanged scope.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 22, 2026 - 05:56 vuln.today
CVSS changed
Jun 21, 2026 - 06:22 NVD
8.5 (HIGH) 7.1 (HIGH)

DescriptionCVE.org

A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local position. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Local privilege escalation in AOMEI Dynamic Disk Manager up to version 10.10.1 stems from improper access controls in the ddmdrv.sys kernel driver, allowing a low-privileged local user to interact with privileged driver IOCTLs and gain SYSTEM-level control. Publicly available exploit code exists, and the vendor did not respond to coordinated disclosure, leaving installations unpatched. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Obtain low-privileged local user shell
Delivery
Enumerate \\.\ddmdrv device object
Exploit
Open handle to vulnerable driver
Install
Issue crafted IOCTL per public PoC
C2
Driver performs privileged operation in kernel context
Execute
Escalate to NT AUTHORITY\SYSTEM
Impact
Disable defenses and persist

Vulnerability AssessmentAI

Exploitation Attacker must already have local code execution as a low-privileged user (PR:L) on a Windows host where the AOMEI ddmdrv.sys kernel driver is loaded - either because AOMEI Dynamic Disk Manager 10.10.0 or 10.10.1 is installed, or because the attacker has dropped and loaded the signed driver themselves (BYOVD). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N) and base score of 7.1 accurately reflect a local, low-complexity, low-privilege attack delivering high confidentiality, integrity, and availability impact - i.e., full SYSTEM compromise from any interactive user account. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained low-privilege code execution on a Windows host - for example via a phishing payload running as a standard user - opens a handle to the ddmdrv.sys device object and issues the IOCTL sequence demonstrated in the public PoC on winslow1984.com to perform privileged operations from kernel context. The result is escalation to NT AUTHORITY\SYSTEM, after which the attacker disables defenses, harvests credentials, and moves laterally. …
Remediation No vendor-released patch identified at time of analysis - the vendor was contacted but did not respond, so no upgrade target exists. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running AOMEI Dynamic Disk Manager versions up to 10.10.1 and assess operational dependency. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-12779 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy