Skip to main content

AOMEI Partition Assistant EUVDEUVD-2026-38143

| CVE-2026-12778 HIGH
Improper Access Control (CWE-284)
2026-06-21 VulDB GHSA-9fg6-8666-rx55
7.1
CVSS 4.0 · Vendor: VulDB
Share

Severity by source

Vendor (VulDB) PRIMARY
7.1 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.8 HIGH

Local attack by an authenticated low-privileged user exploiting a kernel driver IOCTL with no user interaction, yielding full CIA impact via SYSTEM-level code execution.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 22, 2026 - 05:55 vuln.today
CVSS changed
Jun 21, 2026 - 06:22 NVD
8.5 (HIGH) 7.1 (HIGH)

DescriptionCVE.org

A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Local privilege escalation in AOMEI Partition Assistant through version 10.10.1 allows authenticated low-privileged users to abuse improper access controls in the ampa10.sys kernel driver to gain SYSTEM-level code execution. Publicly available exploit code exists per VulDB, and the vendor did not respond to coordinated disclosure attempts, leaving installations exposed; no public exploit identified at time of analysis as actively used in the wild (not in CISA KEV).

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local user shell on host
Delivery
Enumerate installed ampa10.sys driver
Exploit
Open handle to vulnerable device object
Execution
Issue crafted IOCTL bypassing access checks
Persist
Execute code in kernel context
Impact
Steal SYSTEM token or escalate process

Vulnerability AssessmentAI

Exploitation Requires (1) AOMEI Partition Assistant 10.10.0 or 10.10.1 installed on the target Windows host so that ampa10.sys is loaded as a kernel driver, and (2) the attacker has already obtained local code execution as an authenticated low-privileged user (PR:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H) yields 7.1 and accurately reflects a local, low-complexity, low-privilege attack producing full confidentiality, integrity, and availability impact - consistent with kernel-mode code execution. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged user - or malware that achieved initial code execution as a standard user via phishing or a browser exploit - opens a handle to the ampa10.sys device and issues a crafted IOCTL that the driver executes without proper caller validation, yielding arbitrary kernel read/write or direct SYSTEM token theft. Because public exploit code is already published at winslow1984.com, an attacker can adapt it with minimal effort to elevate from a foothold to full host compromise.
Remediation No vendor-released patch identified at time of analysis - the vendor did not respond to the VulDB disclosure. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all systems running AOMEI Partition Assistant version 10.10.1 or earlier; identify which host authenticated low-privilege user access. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-38143 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy