Description
A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement.
Published: 2026-04-17
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Bypass of Windows Driver Signature Enforcement
Action: Assess
AI Analysis

Impact

A local attacker with existing administrator privileges can bypass Windows Driver Signature Enforcement, allowing the installation of unsigned drivers. This flaw permits the attacker to run code in kernel mode and potentially gain persistent elevated privileges. The impact extends to confidentiality, integrity, and availability by enabling malicious drivers to execute with full system rights. The vulnerability is linked to CWE-77, known to involve OS command injection; however, the CVE description does not explicitly state such injection, so this inference is based solely on the associated CWE.

Affected Systems

The vulnerability affects the Veeam Backup and Replication suite and the Veeam Software Appliance. No specific version information is provided for the affected builds.

Risk and Exploitability

The CVSS score is 6.7 and the EPSS score is <1%; it is not listed in the CISA KEV catalog. The attack vector is local, requiring administrative privileges; once an attacker gains administrative access, they can load unsigned drivers to achieve persistence or manipulate system internals. Given the potential for kernel‑level code execution and full system compromise, the risk is considered moderate to high.

Generated by OpenCVE AI on April 20, 2026 at 17:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Veeam Backup and Replication or Software Appliance update that addresses this issue if available.
  • Limit the use of local administrator accounts by enforcing least‑privilege principals and separating non‑administrative tasks into dedicated accounts.
  • Enforce Windows Driver Signature Enforcement via Group Policy, configuring the system to require signed drivers and block unsigned firmware.
  • Monitor driver installation events using Windows Event logs and SIEM tools; set alerts for unsigned driver loads.
  • Consider deploying AppLocker or Device Guard configurations that restrict driver execution to approved vendors or hashes.

Generated by OpenCVE AI on April 20, 2026 at 17:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
Title Local Administrator Bypass of Windows Driver Signature Enforcement in Veeam Backup and Replication

Mon, 20 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sat, 18 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
Title Local Administrator Bypass of Windows Driver Signature Enforcement in Veeam Backup and Replication

Fri, 17 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Veeam
Veeam backup And Replication
Veeam software Appliance
Vendors & Products Veeam
Veeam backup And Replication
Veeam software Appliance

Fri, 17 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
Description A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement.
Weaknesses CWE-77
References

Subscriptions

Veeam Backup And Replication Software Appliance
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-04-20T14:06:52.636Z

Reserved: 2026-01-04T15:00:06.574Z

Link: CVE-2026-21709

cve-icon Vulnrichment

Updated: 2026-04-17T16:07:32.067Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-17T16:16:36.413

Modified: 2026-04-20T16:16:41.057

Link: CVE-2026-21709

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T17:30:12Z

Weaknesses