CVE-2026-28713 - Vulnerability Details

- Default Credentials in Acronis Virtual Appliance Enable Local Privilege Escalation

Description

Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VMware) before build 41186.

Published: 2026-03-05

Score: 7.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability arises because Acronis Virtual Appliance contains a default credentials set for a local privileged user. If an attacker can authenticate with these default credentials, they may gain privileged access to the appliance. This flaw permits local privilege escalation, which could potentially affect confidentiality, integrity, or availability of the protected environment.

Affected Systems

Affected systems include Acronis Cyber Protect 17 (VMware) with build numbers below 41186 and Acronis Cyber Protect Cloud Agent (VMware) with build numbers below 36943, representing virtual appliances that expose default credentials.

Risk and Exploitability

The CVSS base score of 7.1 indicates high severity, while the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. It is likely that exploitation requires local access to the virtual appliance; an attacker would need to reach the appliance’s management interface and then authenticate with the default credentials. Once authenticated, the attacker could potentially perform privileged operations, making this a high-impact local privilege escalation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Acronis

Acronis Cyber Protect Cloud Agent

unaffected

Version	Status	Constraints
`unspecified`	affected	< 36943

Acronis

Acronis Cyber Protect 17

unaffected

Version	Status	Constraints
`unspecified`	affected	< 41186

Configuration 1 [-]

OR	cpe:2.3:a:acronis:agent::::::::
	cpe:2.3:a:acronis:cyber_protect::::::::

No data.

Vendor Product Confidence Versions

Acronis

Acronis Cyber Protect 17

100%

Version	Status	Scheme	Platform
`[0,41186)`	affected	generic	['VMware']

Acronis

Cyber Protect Cloud Agent

89%

Version	Status	Scheme	Platform
`[0,36943)`	affected	generic	['vmware']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the vendor‑recommended patch for Acronis Cyber Protect 17, upgrading to build 41186 or later.
Apply the vendor‑recommended patch for Acronis Cyber Protect Cloud Agent upgrading to build 36943 or later.
If a patch is not immediately available, disable external management access to the virtual appliance and enforce strict authentication controls until remediation can be applied.

Generated by OpenCVE AI on April 17, 2026 at 12:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0005.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://security-advisory.acronis.com/advisories/SEC-4168

History

Fri, 17 Apr 2026 13:00:00 +0000

Type	Values Removed	Values Added
Title		Default Credentials in Acronis Virtual Appliance Enable Local Privilege Escalation

Fri, 13 Mar 2026 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Acronis agent Acronis cyber Protect
CPEs		cpe:2.3:a:acronis:agent:::::::: cpe:2.3:a:acronis:cyber_protect::::::::
Vendors & Products		Acronis agent Acronis cyber Protect

Fri, 06 Mar 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 06 Mar 2026 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Acronis Acronis acronis Cyber Protect 17 Acronis cyber Protect Cloud Agent
Vendors & Products		Acronis Acronis acronis Cyber Protect 17 Acronis cyber Protect Cloud Agent

Fri, 06 Mar 2026 00:00:00 +0000

Type	Values Removed	Values Added
Description		Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VMware) before build 41186.
Weaknesses		CWE-1392
References		https://security-advisory.acronis.com/advisories/SEC-4168
Metrics		cvssV3_0 `{'score': 7.1, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L'}`

Subscriptions

Acronis Acronis Cyber Protect 17 Agent Cyber Protect Cyber Protect Cloud Agent

MITRE

Status: PUBLISHED

Assigner: Acronis

Published: 2026-03-05T23:51:30.830Z

Updated: 2026-03-07T04:55:22.751Z

Reserved: 2026-03-03T02:29:03.753Z

Link: CVE-2026-28713

Vulnrichment

Updated: 2026-03-06T19:31:16.739Z

NVD

Status : Analyzed

Published: 2026-03-06T00:16:11.750

Modified: 2026-03-13T16:37:26.227

Link: CVE-2026-28713

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T12:45:16Z

Weaknesses

CWE-1392

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object