Description
Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
Published: 2026-03-05
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Immediately
AI Analysis

Impact

The vulnerability is caused by insufficient input validation in authentication logging, allowing an attacker to inject malformed data that can exhaust resources or crash the logging process. This leads to a denial of service, interrupting the authentication service and causing temporary unavailability for users. No evidence of code execution or data compromise is provided.

Affected Systems

The affected product is Acronis Cyber Protect 17 on Linux and Windows platforms. Any build prior to 41186 is vulnerable; builds 41186 and later include the fix.

Risk and Exploitability

The CVSS score of 7.5 indicates a moderate to high severity level. The EPSS score is below 1%, indicating a low probability of immediate exploitation, and the vulnerability is not listed in the CISA KEV catalog. An attacker could craft authentication requests containing malicious payloads targeting the logging component, potentially causing the service to become unavailable. The DoS impact is limited to the authentication subsystem but can disrupt overall system access.

Generated by OpenCVE AI on April 16, 2026 at 11:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Acronis Cyber Protect 17 to build 41186 or newer to apply the vendor fix for input validation.
  • If an upgrade cannot be performed immediately, temporarily disable or reduce authentication logging to mitigate the chance of a DoS attack.
  • Implement input sanitization for all authentication log entries, ensuring only expected and safe data is written, following CWE‑779 best practices.
  • Monitor authentication services for abnormal log activity or repeated failures that may indicate an attempt to trigger the denial of service.

Generated by OpenCVE AI on April 16, 2026 at 11:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title DoS via Unvalidated Authentication Logging in Acronis Cyber Protect 17

Thu, 12 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Acronis cyber Protect
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Acronis cyber Protect
Linux
Linux linux Kernel
Microsoft
Microsoft windows
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Mon, 09 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Acronis
Acronis acronis Cyber Protect 17
Vendors & Products Acronis
Acronis acronis Cyber Protect 17

Fri, 06 Mar 2026 00:00:00 +0000

Type Values Removed Values Added
Description Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
Weaknesses CWE-779
References
Metrics cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Acronis Acronis Cyber Protect 17 Cyber Protect
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Acronis

Published:

Updated: 2026-03-09T16:37:56.483Z

Reserved: 2026-03-03T02:29:03.753Z

Link: CVE-2026-28718

cve-icon Vulnrichment

Updated: 2026-03-09T16:37:53.631Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-06T00:16:12.553

Modified: 2026-03-12T15:37:14.057

Link: CVE-2026-28718

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T12:00:11Z

Weaknesses