CVE-2026-12780 | A vulnerability was determined in AOMEI Backupper up to 8.3.… | CVSS 7.8 HIGH

Description

A vulnerability was determined in AOMEI Backupper up to 8.3.0. Impacted is an unknown function in the library amwrtdrv.sys of the component Kernel Driver. Executing a manipulation can lead to improper access controls. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Metadata

CVE ID: CVE-2026-12780
State: PUBLISHED
Assigner: VulDB
Reserved: 2026-06-20 09:36 UTC
Published: 2026-06-21 05:30 UTC
Last updated: 2026-06-21 05:30 UTC
Primary CWE: CWE-284
Improper Access Controls
Vendor / Product: AOMEI / Backupper
Sources: cve.org · NVD

Severity & Metrics

7.8 HIGH CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Affected products (1)

Vendor	Product	Platform	Versions
AOMEI	Backupper	—	8.0, 8.1, 8.2, 8.3.0

Weakness (CWE)

CWE	Source	Description
CWE-266	cna	Incorrect Privilege Assignment
CWE-284	cna	Improper Access Controls

CVSS scores (4)

Score	Severity	Version	Source	Vector
8.5	HIGH	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
7.8	HIGH	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
7.8	HIGH	3.0	cna	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
6.8	N/D	2.0	cna	AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR

References (5)

VDB-372521 | AOMEI Backupper Kernel Driver amwrtdrv.sys access control https://vuldb.com/vuln/372521
VDB-372521 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/372521/cti
CVE-2026-12780 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-12780
Submit #835609 | AOMEI AOMEI Backupper Kernel Driver amwrtdrv.sys 8.3.0 Local Privilege Escapation https://vuldb.com/submit/835609
https://winslow1984.com/books/cve-collection/page/aomei-backupper-830-kernel-driver-amwrtdrvsys-local-privilege-escalation