Platform: veeam
Component: veeam-backup-replication
Fixed in: 12.3.2, 13.0.1
CVE-2026-21709 is a vulnerability affecting Veeam Backup and Replication versions 12.0.0 through 13.0.1. A local attacker with administrator privileges can exploit this flaw to bypass Windows Driver Signature Enforcement, allowing the installation of unsigned drivers. This bypass can lead to unauthorized code execution and potential system compromise. The vulnerability was published on 2026-04-17, and a fix is available in version 13.0.1.
The primary impact of CVE-2026-21709 is the ability for a local administrator to circumvent Windows Driver Signature Enforcement. This means an attacker, already possessing local administrator access, can install malicious or modified drivers without the usual security checks. Such drivers could then be used to escalate privileges, install malware, or gain persistent access to the system. The blast radius is limited to the affected Veeam server and potentially any systems backing up to it, depending on the driver's functionality. While not directly comparable to a remote code execution vulnerability, the ability to install unsigned drivers significantly weakens the system's security posture and provides a foothold for further attacks.
CVE-2026-21709 is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet available, suggesting a low to medium probability of exploitation in the near term. The vulnerability was disclosed on 2026-04-17, so active exploitation campaigns are not confirmed at this time. Monitor security advisories and threat intelligence feeds for any updates.
Exploit Status
EPSS: 0.01% (1% percentile)
The recommended mitigation for CVE-2026-21709 is to immediately upgrade Veeam Backup and Replication to version 13.0.1 or later. If an immediate upgrade is not feasible due to compatibility concerns or testing requirements, consider implementing stricter driver signing policies within the Windows environment to limit the impact of unsigned drivers. While not a direct mitigation, reviewing Veeam's access control lists and ensuring the principle of least privilege is enforced can reduce the risk of a local administrator exploiting this vulnerability. After upgrading, confirm the fix by attempting to install an unsigned driver through Veeam and verifying that the installation is blocked.
Update to version 12.3.2 or later of Veeam Backup and Replication to mitigate the vulnerability. This update corrects how drivers are handled, preventing local attackers with administrator privileges from bypassing the application of Windows Driver Signature Enforcement policy.
CVE-2026-21709 is a vulnerability in Veeam Backup and Replication versions 12.0.0–13.0.1 that allows a local administrator to bypass Windows Driver Signature Enforcement, potentially enabling the installation of unsigned drivers.
You are affected if you are running Veeam Backup and Replication versions 12.0.0 through 13.0.1 and have local administrators with access to the system.
Upgrade Veeam Backup and Replication to version 13.0.1 or later to resolve the vulnerability. If an immediate upgrade is not possible, consider stricter driver signing policies.
Active exploitation campaigns are not currently confirmed, but monitoring threat intelligence feeds is recommended.
Refer to the official Veeam security advisory for CVE-2026-21709 on the Veeam website.