Windows Driver Signature Enforcement Bypass in Veeam Products
CVE-2026-21709

6.7MEDIUM

Key Information:

Vendor: Veeam
Status: Backup And Replication; Software Appliance
Vendor: CVE Published:; 17 April 2026

What is CVE-2026-21709?

A local attacker with administrator privileges can exploit a vulnerability in Veeam software to bypass Windows Driver Signature Enforcement. This presents a significant risk as it allows malicious users to execute unverified drivers, potentially leading to further exploitation of the system. Users of Veeam Backup & Replication and Veeam Agent for Microsoft Windows are urged to apply security patches to mitigate this risk.

Affected Version(s)

Backup and Replication 12 < 12.3.2

Software Appliance 13 < 13.0.1

References

https://www.veeam.com/kb4830

https://www.veeam.com/kb4831

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Jan 4, 2026

CVE-2026-21709 Data

JSON