
Backup And Replication CVE-2026-21709

EUVD-2026-23438 · MEDIUM
Weakness: Command Injection (CWE-77)
Published: 2026-04-17 · hackerone
CVSS 3.1 (NVD): 6.7

Severity by source

NVD (primary): 6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Lifecycle Timeline

  • Analysis Generated — Apr 20, 2026 16:22 (vuln.today)
  • CVSS changed — Apr 20, 2026 16:22 (NVD): 6.7 (MEDIUM)
  • Patch released — Apr 20, 2026 16:16 (nvd): Patch available
  • Patch available — Apr 17, 2026 16:16 (EUVD)
  • EUVD ID Assigned — Apr 17, 2026 15:45 (euvd): EUVD-2026-23438
  • Analysis Generated — Apr 17, 2026 15:45 (vuln.today)
  • CVE Published — Apr 17, 2026 15:32 (nvd): MEDIUM 6.7

Description (CVE.org)

A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement.

Analysis (AI)

A bypass of Windows Driver Signature Enforcement in Veeam Backup and Replication 12.x and Veeam Software Appliance 13.x allows local administrators to load unsigned kernel drivers, potentially enabling persistent kernel-level compromise. Exploitation requires administrative privileges, and no in-the-wild exploitation is known. The EPSS score (0.01%) marks this as a low-probability exploitation target despite the CVSS rating, since the attack scenario is constrained by strict privilege and configuration requirements.


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Recon: Local admin access obtained
  • Delivery: Craft malicious command with DSE bypass parameters
  • Exploit: Inject command via Veeam service or admin interface
  • Install: Service parses and executes unsanitized command
  • C2: Kernel driver loads unsigned
  • Execute: Kernel-level code execution achieved
  • Impact: Persistence and lateral movement possible

Vulnerability Assessment (AI)

Exploitation: The attacker must possess local administrative privileges on a Windows system running Veeam Backup and Replication 12.x (before 12.3.2) or Veeam Software Appliance 13.x (before 13.0.1). … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The risk profile presents a notable discrepancy between CVSS and real-world exploitation signals. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: A disgruntled system administrator with local access to a Veeam Backup and Replication server crafts a malicious command through the administrative interface or local service interaction, injecting parameters that bypass Driver Signature Enforcement validation. This allows the attacker to load an unsigned kernel driver that persists across reboots and operates with system-level privileges, potentially exfiltrating data, modifying backups, or installing additional malware. …

Remediation: Upgrade Veeam Backup and Replication to version 12.3.2 or later, and upgrade Veeam Software Appliance to version 13.0.1 or later. … Detailed patch versions, workarounds, and compensating controls in full report.
