{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21709", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2026-01-04T15:00:06.574Z", "datePublished": "2026-04-17T15:32:10.755Z", "dateUpdated": "2026-04-20T14:06:52.636Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Veeam", "product": "Backup and Replication", "versions": [{"version": "12", "status": "affected", "lessThan": "12.3.2", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Veeam", "product": "Software Appliance", "versions": [{"version": "13", "status": "affected", "lessThan": "13.0.1", "versionType": "semver"}]}], "references": [{"url": "https://www.veeam.com/kb4830"}, {"url": "https://www.veeam.com/kb4831"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "cweId": "CWE-77", "description": "CWE-77 Command Injection - Generic"}]}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-04-17T15:32:10.755Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-18T03:55:57.432669Z", "id": "CVE-2026-21709", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T14:06:52.636Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-21709", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-18T03:55:57.432669Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-17T16:07:32.067Z"}}], "cna": {"affected": [{"vendor": "Veeam", "product": "Backup and Replication", "versions": [{"status": "affected", "version": "12", "lessThan": "12.3.2", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Veeam", "product": "Software Appliance", "versions": [{"status": "affected", "version": "13", "lessThan": "13.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.veeam.com/kb4830"}, {"url": "https://www.veeam.com/kb4831"}], "descriptions": [{"lang": "en", "value": "A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Command Injection - Generic"}]}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-04-17T15:32:10.755Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21709", "state": "PUBLISHED", "dateUpdated": "2026-04-20T14:06:52.636Z", "dateReserved": "2026-01-04T15:00:06.574Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2026-04-17T15:32:10.755Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement."}], "id": "CVE-2026-21709", "lastModified": "2026-04-20T16:16:41.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-17T16:16:36.413", "references": [{"source": "support@hackerone.com", "url": "https://www.veeam.com/kb4830"}, {"source": "support@hackerone.com", "url": "https://www.veeam.com/kb4831"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "support@hackerone.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[12,12.3.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Backup and Replication", "source": "cna", "vendor": "Veeam"}, "product": "backup_and_replication", "vendor": "veeam"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[13,13.0.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Software Appliance", "source": "cna", "vendor": "Veeam"}, "product": "software_appliance", "vendor": "veeam"}], "analysis": {"en": {"generated_at": "2026-04-20T17:24:41.241388+00:00", "value": {"mitigation_remediation": ["Apply the latest Veeam Backup and Replication or Software Appliance update that addresses this issue if available.", "Limit the use of local administrator accounts by enforcing least\u2011privilege principals and separating non\u2011administrative tasks into dedicated accounts.", "Enforce Windows Driver Signature Enforcement via Group Policy, configuring the system to require signed drivers and block unsigned firmware.", "Monitor driver installation events using Windows Event logs and SIEM tools; set alerts for unsigned driver loads.", "Consider deploying AppLocker or Device Guard configurations that restrict driver execution to approved vendors or hashes."], "summary": {"action": "Assess", "impact": "Bypass of Windows Driver Signature Enforcement"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Veeam Backup and Replication suite and the Veeam Software Appliance. No specific version information is provided for the affected builds.", "description_and_impact": "A local attacker with existing administrator privileges can bypass Windows Driver Signature Enforcement, allowing the installation of unsigned drivers. This flaw permits the attacker to run code in kernel mode and potentially gain persistent elevated privileges. The impact extends to confidentiality, integrity, and availability by enabling malicious drivers to execute with full system rights. The vulnerability is linked to CWE-77, known to involve OS command injection; however, the CVE description does not explicitly state such injection, so this inference is based solely on the associated CWE.", "risk_and_exploitability": "The CVSS score is 6.7 and the EPSS score is <1%; it is not listed in the CISA KEV catalog. The attack vector is local, requiring administrative privileges; once an attacker gains administrative access, they can load unsigned drivers to achieve persistence or manipulate system internals. Given the potential for kernel\u2011level code execution and full system compromise, the risk is considered moderate to high."}}}}, "created": "2026-04-17T16:30:05.713951+00:00", "updated": "2026-04-20T17:30:12.654052+00:00", "vendors": ["veeam", "veeam$PRODUCT$backup_and_replication", "veeam$PRODUCT$software_appliance"]}