Description
A vulnerability was determined in AOMEI Backupper up to 8.3.0. Impacted is an unknown function in the library amwrtdrv.sys of the component Kernel Driver. Executing a manipulation can lead to improper access controls. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-21
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper access control flaw exists in the amwrtdrv.sys kernel driver shipped with AOMEI Backupper up to version 8.3.0. The vulnerability allows a malicious local user to manipulate a function in the driver, leading to privilege escalation and full control of the affected machine. The flaw is not tied to remote access; an attacker must have local execution rights to exploit it.

Affected Systems

Systems running AOMEI Backupper 8.3.0 or earlier are vulnerable, as the kernel driver amwrtdrv.sys contains the flaw. The vulnerability specifically targets the unknown function within this driver, which is part of the AOMEI Backupper package.

Risk and Exploitability

The CVSS score of 8.5 classifies the issue as high severity. While the EPSS score is currently unavailable, the lack of a publicly available exploit suggests the risk is primarily local and depends on the presence of a user with sufficient privileges to run the driver. The vulnerability is not listed in the CISA KEV catalog, indicating no known widespread exploitation at this time. An attacker with local access can elevate privileges by exploiting the flawed access controls and thereby compromise the entire system.

Generated by OpenCVE AI on June 21, 2026 at 09:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update AOMEI Backupper to a newer release that removes or patches the amwrtdrv.sys kernel driver.
  • If an update is not available, uninstall or disable the amwrtdrv.sys driver to eliminate the privilege escalation vector.
  • Enforce least privilege for local user accounts that run AOMEI Backupper, and monitor system logs for abnormal driver usage or privilege escalation attempts.

Generated by OpenCVE AI on June 21, 2026 at 09:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in AOMEI Backupper up to 8.3.0. Impacted is an unknown function in the library amwrtdrv.sys of the component Kernel Driver. Executing a manipulation can lead to improper access controls. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Title AOMEI Backupper Kernel Driver amwrtdrv.sys access control
First Time appeared Aomei
Aomei backupper
Weaknesses CWE-266
CWE-284
CPEs cpe:2.3:a:aomei:backupper:*:*:*:*:*:*:*:*
Vendors & Products Aomei
Aomei backupper
References
Metrics cvssV2_0

{'score': 6.8, 'vector': 'AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-22T16:13:04.211Z

Reserved: 2026-06-20T09:36:11.510Z

Link: CVE-2026-12780

cve-icon Vulnrichment

Updated: 2026-06-22T16:12:15.726Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:03:56Z

Weaknesses
  • CWE-266

    Incorrect Privilege Assignment

  • CWE-284

    Improper Access Control