Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902.
CVSS
6.7
MEDIUM
Published
Apr 2, 2026
Loading
Vendor coverage
Track published CVEs, severity trends, and remediation context for acronis products.
Search results
Showing 1-50 of 50 vulnerabilities.
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902.
CVSS
6.7
MEDIUM
Published
Apr 2, 2026
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
CVSS
6.7
MEDIUM
Published
Apr 2, 2026
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
CVSS
6.7
MEDIUM
Published
Apr 2, 2026
Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124, Acronis True Image (macOS) before build 42902.
CVSS
7.8
HIGH
Published
Mar 6, 2026
Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVSS
4.3
MEDIUM
Published
Mar 6, 2026
Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVSS
5.5
MEDIUM
Published
Mar 6, 2026
Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVSS
4.3
MEDIUM
Published
Mar 6, 2026
Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVSS
4.3
MEDIUM
Published
Mar 6, 2026
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
CVSS
7.3
HIGH
Published
Mar 6, 2026
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
CVSS
7.3
HIGH
Published
Mar 6, 2026
Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVSS
4.3
MEDIUM
Published
Mar 6, 2026
Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVSS
4.3
MEDIUM
Published
Mar 6, 2026
Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVSS
7.5
HIGH
Published
Mar 6, 2026
Local privilege escalation due to improper directory permissions. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
CVSS
5.0
MEDIUM
Published
Mar 6, 2026
Information disclosure and manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVSS
4.4
MEDIUM
Published
Mar 6, 2026
Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVSS
6.5
MEDIUM
Published
Mar 6, 2026
Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVSS
4.8
MEDIUM
Published
Mar 6, 2026
Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VMware) before build 41186.
CVSS
7.1
HIGH
Published
Mar 6, 2026
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
CVSS
6.3
MEDIUM
Published
Mar 6, 2026
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
CVSS
6.3
MEDIUM
Published
Mar 6, 2026
Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVSS
9.8
CRITICAL
Published
Mar 6, 2026
Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVSS
4.3
MEDIUM
Published
Mar 6, 2026
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
CVSS
4.4
MEDIUM
Published
Mar 6, 2026
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124.
CVSS
7.3
HIGH
Published
Mar 6, 2026
Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.
CVSS
7.1
HIGH
Published
Mar 6, 2026
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.
CVSS
4.4
MEDIUM
Published
Mar 6, 2026
Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
CVSS
10.0
CRITICAL
Published
Feb 20, 2026
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
CVSS
10.0
CRITICAL
Published
Feb 20, 2026
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
CVSS
10.0
CRITICAL
Published
Feb 20, 2026
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
CVSS
7.8
HIGH
Published
Jan 2, 2025
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169.
CVSS
6.1
MEDIUM
Published
Jan 2, 2025
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
CVSS
7.8
HIGH
Published
Jan 2, 2025
Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
CVSS
4.8
MEDIUM
Published
Oct 17, 2024
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
CVSS
7.3
HIGH
Published
Oct 17, 2024
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
CVSS
7.3
HIGH
Published
Oct 17, 2024
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
CVSS
7.8
HIGH
Published
Oct 17, 2024
Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
CVSS
5.7
MEDIUM
Published
Oct 17, 2024
Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVSS
9.1
CRITICAL
Published
Oct 15, 2024
Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVSS
7.5
HIGH
Published
Oct 15, 2024
Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVSS
4.3
MEDIUM
Published
Oct 15, 2024
Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVSS
4.3
MEDIUM
Published
Oct 15, 2024
Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVSS
4.3
MEDIUM
Published
Oct 15, 2024
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
CVSS
7.3
HIGH
Published
Aug 29, 2024
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
CVSS
5.5
MEDIUM
Published
Aug 29, 2024
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
CVSS
7.3
HIGH
Published
Aug 29, 2024
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.
CVSS
9.8
CRITICAL
Published
Jul 24, 2024
Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.
CVSS
6.5
MEDIUM
Published
Jul 16, 2024
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272.
CVSS
4.4
MEDIUM
Published
Jun 14, 2024
Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
CVSS
5.4
MEDIUM
Published
Feb 27, 2024
Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
CVSS
6.1
MEDIUM
Published
Feb 27, 2024