Acronis True Image
By the Year
In 2026 there have been 5 vulnerabilities in Acronis True Image. Last year, in 2025, True Image had 4 security vulnerabilities published. That is, 1 more vulnerability has already been reported in 2026 than last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 5 | 0.00 |
| 2025 | 4 | 0.00 |
| 2024 | 1 | 0.00 |
| 2023 | 2 | 0.00 |
| 2022 | 6 | 7.50 |
| 2021 | 10 | 7.72 |
| 2020 | 2 | 7.55 |
It may take a day or so for new True Image vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Acronis True Image Security Vulnerabilities
Local Priv Escalation via Improper Env Var Handling in Acronis True Image macOS
CVE-2026-33092
- April 10, 2026
Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902.
External Control of System or Configuration Setting
Acronis True Image Priv Esc via Folder Permissions
CVE-2026-33271
- April 02, 2026
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902.
Incorrect Permission Assignment for Critical Resource
CVE-2026-27774: DLL Hijacking Local Priv Escalation in Acronis True Image
CVE-2026-27774
- April 02, 2026
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
DLL preloading
DLL Hijacking Privilege Escalation in Acronis True Image on Windows <42902
CVE-2026-28728
- April 02, 2026
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
DLL preloading
Acronis Cyber Protect Local Priv Esc via Insecure Unix Socket
CVE-2026-28727
- March 05, 2026
Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124, Acronis True Image (macOS) before build 42902.
Incorrect Default Permissions
Local PrivEsc via Insecure XPC Service in Acronis True Image (macOS)
CVE-2025-7779
- September 30, 2025
Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571.
Improper Privilege Management
Acronis True Image local privilege escalation via DLL hijacking
CVE-2025-11178
- September 30, 2025
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386, Acronis True Image for Western Digital (Windows) before build 42636, Acronis True Image for SanDisk (Windows) before build 42679, Acronis True Image OEM (Windows) before build 42575.
DLL preloading
Acronis True Image (pre-41736/41725) Sensitive Info Disclosure via Missing Auth
CVE-2024-55538
- January 02, 2025
Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736, Acronis True Image OEM (macOS) before build 42571, Acronis True Image OEM (Windows) before build 42575.
Missing Authentication for Critical Function
Acronis True Image Windows Info Disclosure via Insecure Folder Perms
CVE-2024-49385
- January 02, 2025
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736, Acronis True Image OEM (Windows) before build 42575.
Incorrect Permission Assignment for Critical Resource
Acronis True Image (macOS): OS Command Injection LPE in builds < 41396
CVE-2024-34013
- July 18, 2024
Local privilege escalation due to OS command injection vulnerability. The following products are affected: Acronis True Image (macOS) before build 41396, Acronis True Image OEM (macOS) before build 42571.
Shell injection
DLL Hijacking LPE in Acronis Cyber Protect (Win)
CVE-2023-48677
- December 12, 2023
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938, Acronis True Image OEM (Windows) before build 42575.
DLL preloading
Acronis Cyber Protect Home Office: Info Disclosure via Insecure Folder Perms
CVE-2023-5042
- September 20, 2023
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575.
Incorrect Default Permissions
Local privilege escalation due to unrestricted loading of unsigned libraries
CVE-2022-24115
7.8 - High
- February 04, 2022
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287.
Improper Verification of Cryptographic Signature
Local privilege escalation due to excessive permissions assigned to child processes
CVE-2022-24113
7.8 - High
- February 04, 2022
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287.
Incorrect Default Permissions
Local privilege escalation due to race condition on application startup
CVE-2022-24114
7 - High
- February 04, 2022
Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287.
Race Condition
Local privilege escalation via named pipe due to improper access control checks
CVE-2021-44204
7.8 - High
- February 04, 2022
Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287.
Local privilege escalation due to DLL hijacking vulnerability
CVE-2021-44205
7.3 - High
- February 04, 2022
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287.
DLL preloading
Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service
CVE-2021-44206
7.3 - High
- February 04, 2022
Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287.
DLL preloading
Acronis True Image prior to 2021 Update 4 for Windows
CVE-2021-32576
7.8 - High
- August 05, 2021
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2).
Externally Controlled Reference to a Resource in Another Sphere
Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS
CVE-2021-32579
7.8 - High
- August 05, 2021
Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper with the micro-service API.
Authentication
Acronis True Image prior to 2021 Update 4 for Windows
CVE-2021-32580
7.8 - High
- August 05, 2021
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking.
DLL preloading
Acronis True Image prior to 2021 Update 4 for Windows
CVE-2021-32581
8.1 - High
- August 05, 2021
Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation.
Improper Certificate Validation
Acronis True Image prior to 2021 Update 5 for Windows
CVE-2021-32577
7.8 - High
- August 05, 2021
Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions.
Incorrect Permission Assignment for Critical Resource
Acronis True Image prior to 2021 Update 4 for Windows
CVE-2021-32578
7.8 - High
- August 05, 2021
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2).
Externally Controlled Reference to a Resource in Another Sphere
Acronis True Image 2019 update 1 through 2020 on macOS
CVE-2020-15495
7.8 - High
- July 15, 2021
Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration.
Acronis True Image through 2021 on macOS
CVE-2020-25593
6.7 - Medium
- July 15, 2021
Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions.
Incorrect Default Permissions
Acronis True Image 2019 update 1 through 2021 update 1 on macOS
CVE-2020-25736
7.8 - High
- July 15, 2021
Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration.
Acronis True Image for Mac before 2021 Update 4
CVE-2020-15496
7.8 - High
- July 15, 2021
Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions.
Improper Preservation of Permissions
Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\
CVE-2020-10139
7.8 - High
- October 21, 2020
Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
Improper Initialization
Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory
CVE-2020-10140
7.3 - High
- October 21, 2020
Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis.
Incorrect Permission Assignment for Critical Resource