Acronis Cyber Protect
By the Year
In 2026 there have been 29 vulnerabilities in Acronis Cyber Protect. Last year, in 2025, Cyber Protect had 8 security vulnerabilities published. That is, 21 more vulnerabilities have already been reported in 2026 than in all of last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 29 | 0.00 |
| 2025 | 8 | 7.23 |
| 2024 | 11 | 5.81 |
| 2023 | 10 | 7.94 |
| 2022 | 0 | 0.00 |
| 2021 | 5 | 7.06 |
| 2020 | 1 | 7.80 |
It may take a day or so for new Cyber Protect vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Acronis Cyber Protect Security Vulnerabilities
Acronis DLP & CP Agent <= v9.0.93212/42183 Priv Esc via Input Validation
CVE-2026-41220
- April 29, 2026
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.
Memory Corruption
Acronis DeviceLock DLP & Cyber Protect Agent: LPE before 9.0.93212/42183
CVE-2026-41952
- April 29, 2026
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.
Write-what-where Condition
Sensitive Info Disclosure in Acronis Cyber Protect 17 via Improper Access
CVE-2026-28726
- March 05, 2026
Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
AuthZ
Acronis Cyber Protect 17 Pre-41186 info leak via config headless browser
CVE-2026-28725
- March 05, 2026
Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
Incorrect Permission Assignment for Critical Resource
Acronis Agent Credentials Not Cleared After Plan Revocation
CVE-2025-30413
- March 05, 2026
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
Incorrect Permission Assignment for Critical Resource
Acronis Cyber Protect 17: Insufficient Access Controls Grant Data Access
CVE-2026-28724
- March 05, 2026
Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
AuthZ
Acronis Cyber Protect Unauthorized Report Deletion via Access Control Flaw
CVE-2026-28723
- March 05, 2026
Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
AuthZ
Local Priv Escalation via Soft Link Abuse in Acronis Cyber Protect 17
CVE-2026-28722
- March 05, 2026
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
Externally Controlled Reference to a Resource in Another Sphere
Local Priv Esc via Soft Link in Acronis Cyber Protect 17
CVE-2026-28721
- March 05, 2026
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
Externally Controlled Reference to a Resource in Another Sphere
Acronis Cyber Protect 17: Unauthorized Settings Modification - Weak Auth Checks
CVE-2026-28720
- March 05, 2026
Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
AuthZ
Acronis Cyber Protect 17: Auth Flaw Enables Unauthorized Resource Manip
CVE-2026-28719
- March 05, 2026
Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
AuthZ
Acronis Cyber Protect DoS via Auth Log Insufficient Validation
CVE-2026-28718
- March 05, 2026
Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
Logging of Excessive Data
Local Privilege Escalation in Acronis Cyber Protect 17 Windows
CVE-2026-28717
- March 05, 2026
Local privilege escalation due to improper directory permissions. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
Incorrect Default Permissions
CVE-2026-28716: Improper Authorization in Acronis Cyber Protect 17
CVE-2026-28716
- March 05, 2026
Information disclosure and manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
AuthZ
CVE-2026-28715: Acronis Cyber Protect 17 Info Disclosure via Auth Checks
CVE-2026-28715
- March 05, 2026
Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
AuthZ
Acronis Cyber Protect 17 Sensitive Crypto Leak (CVE-2026-28714)
CVE-2026-28714
- March 05, 2026
Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
Insufficiently Protected Credentials
CVE-2026-28713: Default credentials for local privileged user in Virtual Appliance
CVE-2026-28713
- March 05, 2026
Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VMware) before build 41186.
CWE-1392
DLL Hijack LPE in Acronis Cyber Protect 17
CVE-2026-28712
- March 05, 2026
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
DLL preloading
LPE via DLL Hijacking in Acronis Cyber Protect 17
CVE-2026-28711
- March 05, 2026
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
DLL preloading
Acronis Cyber Protect 17 Auth Bypass Sensitive Info Disclosure
CVE-2026-28710
- March 05, 2026
Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CWE-1390
Acronis Cyber Protect 17 Unauth. Resource Manipulation via Auth Bypass
CVE-2026-28709
- March 05, 2026
Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
AuthZ
CVE-2025-11790: Acronis Agent Credential Retention After Plan Revocation
CVE-2025-11790
- March 05, 2026
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.
Incorrect Permission Assignment for Critical Resource
Acronis Cyber Protect: Info Disclosure via Missing Auth Checks
CVE-2025-11791
- March 05, 2026
Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.
AuthZ
Local Priv Esc via DLL Hijacking in Acronis Cyber Protect Cloud Agent
CVE-2025-11792
- March 05, 2026
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124.
DLL preloading
Acronis Cyber Protect Local Priv Esc via Insecure Unix Socket
CVE-2026-28727
- March 05, 2026
Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124, Acronis True Image (macOS) before build 42902.
Incorrect Default Permissions
Acronis Cyber Protect Sensitive Data Disclosure via Missing Authorization
CVE-2025-30416
- February 20, 2026
Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
AuthZ
Acronis Cyber Protect: Authless Sensitive Data Disclosure (CVE-2025-30410)
CVE-2025-30410
- February 20, 2026
Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 41800.
Missing Authentication for Critical Function
Acronis Cyber Protect 15/16 Improper Auth Exposes Sensitive Data
CVE-2025-30412
- February 20, 2026
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
CWE-1390
Acronis Cyber Protect 15/16 Improper Auth Exposes Sensitive Data
CVE-2025-30411
- February 20, 2026
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
CWE-1390
Acronis Cyber Protect 16 Windows: PrivEsc via Insecure Folder Permissions
CVE-2025-48961
- June 04, 2025
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39938.
Incorrect Permission Assignment for Critical Resource
Acronis Cyber Protect Cloud Agent: LPE via Insecure File Permissions
CVE-2025-48959
- June 04, 2025
Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077.
Incorrect Default Permissions
DoS in Acronis Cyber Protect Cloud Agent from malformed input
CVE-2025-30415
- June 04, 2025
Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
Improper Validation of Syntactic Correctness of Input
Acronis Cyber Protect Cloud Agent DoS via Unbounded Resource Allocation
CVE-2025-30409
- April 24, 2025
Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 17 (Windows) before build 41186.
Allocation of Resources Without Limits or Throttling
Acronis Cyber Protect Cloud Agent & 16 Local Priv Esc via insecure folder perms
CVE-2025-30408
- April 24, 2025
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 16 (Windows) before build 39938.
Incorrect Permission Assignment for Critical Resource
Acronis Cyber Protect 16 DLL Hijacking LPE
CVE-2024-55540
7.8 - High
- January 02, 2025
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
DLL preloading
Acronis Cyber Protect XSS via postMessage origin validation flaw
CVE-2024-55541
6.1 - Medium
- January 02, 2025
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169.
XSS
DLL hijacking leads to local privilege escalation in Acronis Cyber Protect
CVE-2024-55543
7.8 - High
- January 02, 2025
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
DLL preloading
Acronis Cyber Protect 16 archive-server IP Bind CVE-2024-49382
CVE-2024-49382
4.3 - Medium
- October 15, 2024
Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
Binding to an Unrestricted IP Address
Acronis Cyber Protect Info Leak via Improper Auth
CVE-2024-49388
9.1 - Critical
- October 15, 2024
Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
Insecure Direct Object Reference / IDOR
Vulnerability: Cleartext Transmission in Acronis Cyber Protect 16 ACEP-Collector
CVE-2024-49387
7.5 - High
- October 15, 2024
Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
Cleartext Transmission of Sensitive Information
acep-collector Service Binds to Unrestricted IP in Acronis Cyber Protect 16
CVE-2024-49384
4.3 - Medium
- October 15, 2024
Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
Binding to an Unrestricted IP Address
Acronis Cyber Protect acep-importer Binding to Unrestricted IP (CVE-2024-49383)
CVE-2024-49383
4.3 - Medium
- October 15, 2024
Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
Binding to an Unrestricted IP Address
Sensitive Info Disclosure via Excessive Privileges in Acronis Cyber Protect 15
CVE-2022-45449
6.5 - Medium
- July 16, 2024
Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.
Acronis Cyber Protect 16 Info Disclosure via System Info Collection
CVE-2023-48680
5.5 - Medium
- February 27, 2024
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391.
Privacy violation
Acronis Cyber Protect 16 XSS in Storage Nodes Search Field
CVE-2023-48681
6.1 - Medium
- February 27, 2024
Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
XSS
Stored XSS via unit name in Acronis Cyber Protect
CVE-2023-48682
5.4 - Medium
- February 27, 2024
Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
XSS
Acronis Cyber Protect 16: Info Disclosure via Insecure Folder Permissions
CVE-2023-48678
5.5 - Medium
- February 27, 2024
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
Incorrect Default Permissions
Acronis Cyber Protect 16 XSS via postMessage Origin Validation Skip
CVE-2023-48679
5.4 - Medium
- February 27, 2024
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
XSS
DLL Hijacking LPE in Acronis Cyber Protect (Win)
CVE-2023-48677
- December 12, 2023
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938, Acronis True Image OEM (Windows) before build 42575.
DLL preloading
Acronis Agent Vulnerability: Sens. Info Disclosure via Missing Auth
CVE-2023-45243
- October 05, 2023
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
AuthZ