CVE-2026-12779: Improper Access Controls in AOMEI Dynamic Disk Manager
CVE-2026-12779 is a high-severity vulnerability in AOMEI Dynamic Disk Manager versions 10.10.0 and 10.10.1. It involves improper access controls in the kernel driver component ddmdrv.sys, which can be exploited locally to manipulate the system. The vendor has not responded to the disclosure, and no official patch or remediation is currently available. The vulnerability has a CVSS 4.0 score of 8.5, indicating significant impact potential.
AI Analysis
Technical Summary
This vulnerability affects the kernel driver (ddmdrv.sys) of AOMEI Dynamic Disk Manager up to version 10.10.1. Improper access controls allow a local attacker with limited privileges to perform unauthorized manipulations. The exact nature of the processing flaw is unspecified, but the vulnerability impacts confidentiality, integrity, and availability with high severity. The vendor was contacted but did not provide a response or fix. No official remediation or patch has been published as of the disclosure date.
Potential Impact
Successful exploitation requires local access and can lead to unauthorized actions within the kernel driver, potentially compromising system confidentiality, integrity, and availability. The CVSS score of 8.5 reflects a high impact due to the vulnerability's ability to affect core system components with limited attack complexity and no user interaction required.
Mitigation Recommendations
No official patch or remediation is currently available from the vendor. Users should avoid running untrusted code locally and restrict access to systems running affected versions 10.10.0 and 10.10.1 of AOMEI Dynamic Disk Manager. Monitor vendor channels for any future updates or patches addressing this issue.
CVE-2026-12779: Improper Access Controls in AOMEI Dynamic Disk Manager
Description
CVE-2026-12779 is a high-severity vulnerability in AOMEI Dynamic Disk Manager versions 10.10.0 and 10.10.1. It involves improper access controls in the kernel driver component ddmdrv.sys, which can be exploited locally to manipulate the system. The vendor has not responded to the disclosure, and no official patch or remediation is currently available. The vulnerability has a CVSS 4.0 score of 8.5, indicating significant impact potential.
CVSS v4.0
Score 8.5high
Affected software
pkg:github/aomei/dynamic-disk-managercpe:2.3:a:aomei:dynamic_disk_manager:*:*:*:*:*:*:*:*Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the kernel driver (ddmdrv.sys) of AOMEI Dynamic Disk Manager up to version 10.10.1. Improper access controls allow a local attacker with limited privileges to perform unauthorized manipulations. The exact nature of the processing flaw is unspecified, but the vulnerability impacts confidentiality, integrity, and availability with high severity. The vendor was contacted but did not provide a response or fix. No official remediation or patch has been published as of the disclosure date.
Potential Impact
Successful exploitation requires local access and can lead to unauthorized actions within the kernel driver, potentially compromising system confidentiality, integrity, and availability. The CVSS score of 8.5 reflects a high impact due to the vulnerability's ability to affect core system components with limited attack complexity and no user interaction required.
Mitigation Recommendations
No official patch or remediation is currently available from the vendor. Users should avoid running untrusted code locally and restrict access to systems running affected versions 10.10.0 and 10.10.1 of AOMEI Dynamic Disk Manager. Monitor vendor channels for any future updates or patches addressing this issue.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-06-20T09:36:08.901Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3778eb9c760d8add8aba43
Added to database: 06/21/2026, 05:38:51 UTC
Last enriched: 06/21/2026, 05:52:47 UTC
Last updated: 06/21/2026, 06:22:50 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.