Description
A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local position. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-21
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the kernel driver ddmdrv.sys of AOMEI Dynamic Disk Manager. It permits manipulation from a local context to bypass proper access controls, effectively escalating a regular local user to system level privileges within the affected software. This flaw is a classic example of privileged access control failure, corresponding to the listed weaknesses CWE‑266 and CWE‑284.

Affected Systems

AOMEI Dynamic Disk Manager versions up to and including 10.10.1 are affected. The vulnerability impacts the kernel driver component within these releases; users of this particular product version should consider the security risk.

Risk and Exploitability

The CVSS score of 8.5 places the issue in the high severity range, and the lack of EPSS availability indicates that exploitation probability is not quantified, though the exploit has been made public. The flaw is only exploitable from a local position; attack requires local user access. Because the vulnerability is not listed in the CISA KEV catalog, but has a known public exploit, administrators should treat it as an immediate threat.

Generated by OpenCVE AI on June 21, 2026 at 09:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the AOMEI Dynamic Disk Manager to a version newer than 10.10.1 that contains the ddmdrv.sys access control fix.
  • If an update is not currently available, limit local user privileges and remove the AOMEI Dynamic Disk Manager from critical systems until a secure version is installed.
  • Deploy host‑based monitoring to detect anomalous kernel driver activity that may indicate exploitation attempts.

Generated by OpenCVE AI on June 21, 2026 at 09:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 21 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local position. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title AOMEI Dynamic Disk Manager Kernel Driver ddmdrv.sys access control
First Time appeared Aomei
Aomei dynamic Disk Manager
Weaknesses CWE-266
CWE-284
CPEs cpe:2.3:a:aomei:dynamic_disk_manager:*:*:*:*:*:*:*:*
Vendors & Products Aomei
Aomei dynamic Disk Manager
References
Metrics cvssV2_0

{'score': 6.8, 'vector': 'AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Aomei Dynamic Disk Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-21T05:15:07.936Z

Reserved: 2026-06-20T09:36:08.901Z

Link: CVE-2026-12779

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-21T09:30:09Z

Weaknesses
  • CWE-266

    Incorrect Privilege Assignment

  • CWE-284

    Improper Access Control