Description
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212.
Published: 2026-04-29
Score: 6.7 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Acronis DeviceLock DLP contains a DLL hijacking vulnerability that can be exploited locally to achieve privilege escalation. By placing a malicious DLL in a directory that the application searches, an attacker with user‑level access can execute code with the privileges of the DeviceLock service, enabling configuration changes or arbitrary code execution.

Affected Systems

The vulnerability affects the Windows version of Acronis DeviceLock DLP prior to build 9.0.93212.

Risk and Exploitability

The CVSS score of 6.7 indicates moderate severity. EPSS is not available and the flaw is not listed in the CISA KEV catalogue, suggesting that exploitation is currently uncommon. Attackers would need local access to the server to place a rogue DLL, meaning the threat is confined to environments where users have file write or program execution rights on the same machine.

Generated by OpenCVE AI on April 29, 2026 at 16:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Acronis DeviceLock DLP to build 9.0.93212 or later.
  • Ensure the system follows Microsoft’s DLL hijacking mitigation guidance, such as using AppLocker or enforcing current DLL search order policies.
  • Monitor the DeviceLock installation directory for unexpected DLLs or anomalous privilege elevation events.

Generated by OpenCVE AI on April 29, 2026 at 16:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Title DLL Hijacking Exploitation Allows Local Privilege Escalation in Acronis DeviceLock DLP

Wed, 29 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 29 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
Description Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212.
Weaknesses CWE-427
References
Metrics cvssV3_0

{'score': 6.7, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Acronis

Published:

Updated: 2026-04-29T15:12:19.260Z

Reserved: 2026-04-01T00:44:58.767Z

Link: CVE-2026-25852

cve-icon Vulnrichment

Updated: 2026-04-29T15:12:15.012Z

cve-icon NVD

Status : Received

Published: 2026-04-29T15:16:05.313

Modified: 2026-04-29T15:16:05.313

Link: CVE-2026-25852

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T17:00:13Z

Weaknesses