{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21709", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2026-01-04T15:00:06.574Z", "datePublished": "2026-04-17T15:32:10.755Z", "dateUpdated": "2026-04-18T03:55:56.590Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Veeam", "product": "Backup and Replication", "versions": [{"version": "12", "status": "affected", "lessThan": "12.3.2", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Veeam", "product": "Software Appliance", "versions": [{"version": "13", "status": "affected", "lessThan": "13.0.1", "versionType": "semver"}]}], "references": [{"url": "https://www.veeam.com/kb4830"}, {"url": "https://www.veeam.com/kb4831"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "cweId": "CWE-77", "description": "CWE-77 Command Injection - Generic"}]}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-04-17T15:32:10.755Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-17T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-21709"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-18T03:55:56.590Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement."}], "id": "CVE-2026-21709", "lastModified": "2026-04-17T19:01:56.030", "metrics": {}, "published": "2026-04-17T16:16:36.413", "references": [{"source": "support@hackerone.com", "url": "https://www.veeam.com/kb4830"}, {"source": "support@hackerone.com", "url": "https://www.veeam.com/kb4831"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "support@hackerone.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[12,12.3.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Backup and Replication", "source": "cna", "vendor": "Veeam"}, "product": "backup_and_replication", "vendor": "veeam"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[13,13.0.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Software Appliance", "source": "cna", "vendor": "Veeam"}, "product": "software_appliance", "vendor": "veeam"}], "analysis": {"en": {"generated_at": "2026-04-18T09:15:19.518444+00:00", "value": {"mitigation_remediation": ["Apply the latest Veeam Backup and Replication or Software Appliance update that addresses this issue if available.", "Limit the use of local administrator accounts by enforcing least\u2011privilege principals and separating non\u2011administrative tasks into dedicated accounts.", "Enforce Windows Driver Signature Enforcement via Group Policy, configuring the system to require signed drivers and block unsigned firmware.", "Monitor driver installation events using Windows Event logs and SIEM tools; set alerts for unsigned driver loads.", "Consider deploying AppLocker or Device Guard configurations that restrict driver execution to approved vendors or hashes."], "summary": {"action": "Assess", "impact": "Bypass of Windows Driver Signature Enforcement"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Veeam Backup and Replication suite and the Veeam Software Appliance. No specific version information is provided for the affected builds.", "description_and_impact": "A local attacker with existing administrator privileges can bypass Windows Driver Signature Enforcement, allowing them to install unsigned drivers. This flaw, identified as OS Command Injection (CWE-77), permits the attacker to run arbitrary code in kernel mode and potentially gain persistent elevated privileges. The impact extends to confidentiality, integrity, and availability by enabling malicious drivers to execute with full system rights.", "risk_and_exploitability": "The CVSS and EPSS metrics are not available, and the issue is not listed in the CISA KEV catalog. The attack vector is local, requiring administrator rights, but once achieved, the attacker can load unsigned drivers to maintain persistence or manipulate system internals. The risk is considered moderate to high due to the degree of privilege escalation achievable."}}}}, "created": "2026-04-17T16:30:05.713951+00:00", "title": "Local Administrator Bypass of Windows Driver Signature Enforcement in Veeam Backup and Replication", "updated": "2026-04-18T09:30:25.675766+00:00", "vendors": ["veeam", "veeam$PRODUCT$backup_and_replication", "veeam$PRODUCT$software_appliance"]}