Description
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
Published: 2026-03-05
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local privilege escalation
Action: Apply Patch
AI Analysis

Impact

Acronis Cyber Protect 17 contains a DLL hijacking vulnerability that allows an attacker with local access to execute arbitrary code with elevated privileges. The flaw is tied to missing validation of the DLL loading path, making it possible to replace a legitimate library with a malicious variant. The weakness is classified as CWE-427, leading to privilege escalation, integrity breach, and potential system compromise.

Affected Systems

Acronis Cyber Protect 17 for Windows, versions prior to build 41186, are affected. The vulnerability is present in all revisions of this product before the specified build and applies to Windows operating systems used with the software.

Risk and Exploitability

The CVSS score of 6.3 categorizes the risk as medium, while the EPSS score of <1% indicates a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread attacks. Exploitation requires local access to the target system and the ability to place a malicious DLL in the directory examined by the application. Attackers would need administrative or at least write permissions to the installation directory or its search path, making this a local privilege escalation vector.

Generated by OpenCVE AI on April 17, 2026 at 12:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Acronis update that raises the software build to 41186 or newer, as described in the vendor advisory.
  • If an update is unavailable, restrict write permissions to the Acronis installation and DLL search directories to prevent unauthorized DLL placement.
  • Enable Windows integrity controls such as AppLocker or Windows Defender Credential Guard to block unauthorized DLL loading and enforce the execution of signed binaries.

Generated by OpenCVE AI on April 17, 2026 at 12:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via DLL Hijacking in Acronis Cyber Protect 17

Wed, 11 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Acronis cyber Protect
Microsoft
Microsoft windows
CPEs cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Acronis cyber Protect
Microsoft
Microsoft windows

Fri, 06 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 06 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Acronis
Acronis acronis Cyber Protect 17
Vendors & Products Acronis
Acronis acronis Cyber Protect 17

Fri, 06 Mar 2026 00:00:00 +0000

Type Values Removed Values Added
Description Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
Weaknesses CWE-427
References
Metrics cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N'}

Subscriptions

Acronis Acronis Cyber Protect 17 Cyber Protect
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Acronis

Published:

Updated: 2026-03-07T04:55:19.021Z

Reserved: 2026-03-03T02:29:03.753Z

Link: CVE-2026-28711

cve-icon Vulnrichment

Updated: 2026-03-06T19:31:20.866Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-06T00:16:11.450

Modified: 2026-03-11T14:01:54.483

Link: CVE-2026-28711

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T12:45:16Z

Weaknesses