Description
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.4.25342.354.
Published: 2026-01-27
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The vulnerability arises from insecure folder permissions in Acronis Cloud Manager, which allow an attacker with local access to modify critical directories. This can lead to privilege escalation and compromise the integrity of the system. The flaw is categorized as CWE-276 (Incorrect Default Permissions).

Affected Systems

Acronis Cloud Manager (Windows) versions prior to build 6.4.25342.354 are affected.

Risk and Exploitability

The CVSS score of 6.7 denotes a medium-severity vulnerability. With an EPSS score of less than 1% and no listing in the CISA KEV catalog, the likelihood of exploitation is low at present. The attack requires local user access, but a successful attack can result in full administrative control over the compromised host. The attack vector is inferred to be local from the nature of the permission issue and the absence of remote interfaces in the description.

Generated by OpenCVE AI on April 18, 2026 at 02:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest update to Acronis Cloud Manager, installing build 6.4.25342.354 or later.
  • Ensure that system folders used by Acronis Cloud Manager have the correct permissions, restricting modify access to only necessary accounts.
  • Review local user accounts and audit permissions to prevent accidental privilege escalation, and monitor system logs for abnormal activity.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 02:30:00 +0000

  • Title (values added): Local Privilege Escalation via Insecure Folder Permissions

Wed, 28 Jan 2026 12:30:00 +0000

  • First Time appeared (values added): Acronis; Acronis cloud Manager
  • Vendors & Products (values added): Acronis; Acronis cloud Manager

Tue, 27 Jan 2026 19:15:00 +0000

  • Metrics (values added): ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 17:00:00 +0000

  • Description (values added): Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.4.25342.354.
  • Weaknesses (values added): CWE-276
  • References
  • Metrics (values added): cvssV3_0 {'score': 6.7, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: Acronis

Published:

Updated: 2026-01-27T18:22:08.142Z

Reserved: 2026-01-08T02:16:38.875Z

Link: CVE-2026-0705

Vulnrichment

Updated: 2026-01-27T18:20:32.431Z

NVD

Status: Deferred

Published: 2026-01-27T17:16:10.173

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-0705

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T02:15:05Z
