Plattform
veeam
Komponente
veeam-backup-replication
Behoben in
12.3.2
13.0.1
CVE-2026-21709 is a vulnerability affecting Veeam Backup and Replication versions 12.0.0 through 13.0.1. A local attacker with administrator privileges can exploit this flaw to bypass Windows Driver Signature Enforcement, allowing the installation of unsigned drivers. This bypass can lead to unauthorized code execution and potential system compromise. The vulnerability has been published on 2026-04-17, and a fix is available in version 13.0.1.
Successful exploitation of CVE-2026-21709 allows an attacker with local administrator access to bypass Windows Driver Signature Enforcement. This means they can install unsigned or improperly signed drivers onto the system. These malicious drivers could then be used to escalate privileges, compromise system integrity, or install malware. The blast radius is limited to systems where the attacker has local administrator access and Veeam Backup and Replication is installed. This bypass effectively removes a key security control designed to prevent the installation of malicious drivers, significantly increasing the attack surface.
CVE-2026-21709 was published on 2026-04-17. The exploitability of this vulnerability is currently unknown, and no public proof-of-concept (POC) code has been released. The EPSS score is pending evaluation. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.
Organizations heavily reliant on Veeam Backup and Replication for data protection are at risk, particularly those with legacy systems or configurations that may not enforce strict driver signing policies. Environments with shared administrator accounts or inadequate access controls are also more vulnerable, as a compromised administrator account could be leveraged to exploit this vulnerability.
• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.TaskName -like '*Veeam*'} | Format-Table TaskName, State• windows / supply-chain:
Get-Process -Name VeeamBackup | Select-Object ProcessName, Path, CPU, WorkingSet• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='Veeam.Backup.HostIntegrationService']]]" | Format-Table TimeCreated, ID, Messagedisclosure
Exploit-Status
EPSS
0.01% (1% Perzentil)
The primary mitigation for CVE-2026-21709 is to upgrade Veeam Backup and Replication to version 13.0.1 or later, which contains the fix. If an immediate upgrade is not possible, consider implementing stricter local administrator account controls and monitoring for suspicious driver installations. While a direct workaround is unavailable, reviewing Veeam's security best practices and ensuring proper driver signing policies are in place can reduce the potential impact. After upgrading, confirm the fix by attempting to install an unsigned driver and verifying that Driver Signature Enforcement is still enforced.
Actualice a la versión 12.3.2 o posterior de Veeam Backup and Replication para mitigar la vulnerabilidad. Esta actualización corrige la forma en que se manejan los controladores, evitando que los atacantes locales con privilegios de administrador eviten la aplicación de la política de firma de controladores de Windows.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-21709 is a vulnerability in Veeam Backup and Replication versions 12.0.0–13.0.1 that allows a local administrator to bypass Windows Driver Signature Enforcement, potentially enabling the installation of unsigned drivers.
You are affected if you are running Veeam Backup and Replication versions 12.0.0 through 13.0.1 and have local administrators with access to the system.
Upgrade Veeam Backup and Replication to version 13.0.1 or later to resolve the vulnerability. If immediate upgrade is not possible, consider stricter driver signing policies.
Active exploitation campaigns are not currently confirmed, but monitoring threat intelligence feeds is recommended.
Refer to the official Veeam security advisory for CVE-2026-21709 on the Veeam website.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.