Description
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
Published: 2026-03-05
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Patch
AI Analysis

Impact

A local attacker can elevate privileges by placing a malicious DLL in a directory that is searched before the legitimate DLL used by Acronis Cyber Protect. The flaw allows exploitation without direct network access, leveraging the Windows DLL search order to load attacker-controlled code with the application's privileges. The vulnerability is a classic uncontrolled search path element (CWE-427) DLL hijacking issue, and it can compromise system integrity if the malicious code is executed with administrative rights.

Affected Systems

Acronis Cyber Protect 17 on Windows, in builds prior to 41186, is vulnerable. No other products or vendors are listed as affected in the advisory.

Risk and Exploitability

The CVSS base score of 6.3 indicates moderate severity, while the EPSS score of less than 1% suggests a low likelihood of widespread exploitation. The vulnerability is not present in the CISA KEV catalog. Based on the description, the attack vector is local; an attacker must already have access to the target machine to place or replace the DLL. The condition for exploitation requires write access to a path in the DLL search order, which is typical for local privilege escalation scenarios.

Generated by OpenCVE AI on April 16, 2026 at 11:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Acronis Cyber Protect to build 41186 or newer, which contains the DLL hijacking fix.
  • If an immediate update is not possible, remove or rename the vulnerable DLL directory from the system PATH or adjust the DLL search order policy to prevent loading of unsigned DLLs by the application.
  • Ensure the underlying Windows operating system is kept current with security patches, as the DLL search order behavior may be influenced by OS-level updates.
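As an added example (not code from the advisory, Acronis or OpenCVE), the following PowerShell audit enumerates the machine PATH plus an assumed application directory and flags entries that a low-privileged local user could create files in, which is the precondition the analysis above names; the install path is a placeholder and the group list is an assumption.

```powershell
# Added audit example, not code from the advisory, Acronis or OpenCVE.
# Lists the machine PATH plus an assumed application directory and flags
# entries that a low-privileged local user could create files in. Any such
# entry that is searched before the legitimate DLL is a planting location.
using namespace System.Security.AccessControl

$appDir = 'C:\Program Files\Acronis'   # placeholder; assumed, not from the page

# Identities every local user normally holds (assumption; extend as needed).
$lowPrivGroups = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
                   'Everyone', 'NT AUTHORITY\INTERACTIVE')

# Rights that let a principal create or replace a file in the directory.
$plantMask = [FileSystemRights]::CreateFiles -bor [FileSystemRights]::Modify -bor
             [FileSystemRights]::FullControl

function Get-LowPrivWriteGrant {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        # Only Allow ACEs are considered; a matching Deny ACE would override
        # the grant, so this check errs on the side of reporting.
        if ($ace.AccessControlType -ne [AccessControlType]::Allow) { continue }
        if ($lowPrivGroups -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $plantMask) -ne 0) {
            return $ace.IdentityReference.Value
        }
    }
    return $null
}

# Machine-wide PATH, as a service or elevated process sees it.
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim('"', ' ')) } |
    Where-Object { $_ -ne '' }

$report = foreach ($dir in @($appDir) + $machinePath) {
    $exists = Test-Path -LiteralPath $dir -PathType Container
    $grant  = if ($exists) { Get-LowPrivWriteGrant -Path $dir } else { $null }
    [pscustomobject]@{
        Directory = $dir
        Exists    = $exists
        Writable  = [bool]$grant
        GrantedTo = $grant
    }
}
$report | Format-Table -AutoSize
```

Rows with Writable set to True are the PATH entries to remove, relocate or re-ACL; a missing directory (Exists False) is also worth removing, since a user who can create it gains the same position in the search order.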

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 12:15:00 +0000

Type | Values Removed | Values Added
Title | | DLL Hijacking Enables Local Privilege Escalation in Acronis Cyber Protect 17

Wed, 11 Mar 2026 14:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Acronis cyber Protect; Microsoft; Microsoft windows
CPEs | | cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*; cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products | | Acronis cyber Protect; Microsoft; Microsoft windows

Fri, 06 Mar 2026 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 06 Mar 2026 15:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Acronis; Acronis acronis Cyber Protect 17
Vendors & Products | | Acronis; Acronis acronis Cyber Protect 17

Fri, 06 Mar 2026 00:00:00 +0000

Type | Values Removed | Values Added
Description | | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
Weaknesses | | CWE-427
References | |
Metrics | | cvssV3_0 {'score': 6.3, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N'}

MITRE

Status: PUBLISHED

Assigner: Acronis

Published:

Updated: 2026-03-07T04:55:17.528Z

Reserved: 2026-03-03T02:29:03.753Z

Link: CVE-2026-28712

Vulnrichment

Updated: 2026-03-06T19:31:18.748Z

NVD

Status : Analyzed

Published: 2026-03-06T00:16:11.593

Modified: 2026-03-11T14:00:40.600

Link: CVE-2026-28712

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T12:00:11Z

Weaknesses