CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2026-41220
https://notcve.org/view.php?id=CVE-2026-41220
29 Apr 2026 — Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183. • https://security-advisory.acronis.com/advisories/SEC-10296 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2026-41952
https://notcve.org/view.php?id=CVE-2026-41952
29 Apr 2026 — Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183. • https://security-advisory.acronis.com/advisories/SEC-7790 • CWE-123: Write-what-where Condition •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2026-25852
https://notcve.org/view.php?id=CVE-2026-25852
29 Apr 2026 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212. • https://security-advisory.acronis.com/advisories/SEC-7217 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2026-33092
https://notcve.org/view.php?id=CVE-2026-33092
10 Apr 2026 — Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902. • https://security-advisory.acronis.com/advisories/SEC-9407 • CWE-15: External Control of System or Configuration Setting •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2026-33271
https://notcve.org/view.php?id=CVE-2026-33271
02 Apr 2026 — Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902. • https://security-advisory.acronis.com/advisories/SEC-9108 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2026-27774
https://notcve.org/view.php?id=CVE-2026-27774
02 Apr 2026 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902. • https://security-advisory.acronis.com/advisories/SEC-10057 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2026-28728
https://notcve.org/view.php?id=CVE-2026-28728
02 Apr 2026 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902. • https://security-advisory.acronis.com/advisories/SEC-10401 • CWE-427: Uncontrolled Search Path Element •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2026-28726
https://notcve.org/view.php?id=CVE-2026-28726
05 Mar 2026 — Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. Revelación de información sensible debido a un control de acceso inadecuado. Los siguientes productos están afectados: Acronis Cyber Protect 17 (Linux, Windows) anterior a la compilación 41186. • https://security-advisory.acronis.com/advisories/SEC-8401 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-28725
https://notcve.org/view.php?id=CVE-2026-28725
05 Mar 2026 — Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. Revelación de información sensible debido a la configuración incorrecta de un navegador sin interfaz gráfica. Los siguientes productos están afectados: Acronis Cyber Protect 17 (Linux, Windows) anterior a la compilación 41186. • https://security-advisory.acronis.com/advisories/SEC-8695 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-30413
https://notcve.org/view.php?id=CVE-2025-30413
05 Mar 2026 — Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. Las credenciales no se eliminan del Agente de Acronis después de la revocación del plan. Los siguientes productos se ven afectados: Agente de Acronis Cyber Protect Cloud (Linux, macOS, Windows) antes de la compilación 40497, Acronis Cyber Protect 17 (Linux, ... • https://security-advisory.acronis.com/SEC-9386 • CWE-732: Incorrect Permission Assignment for Critical Resource •