Description
Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
Published: 2026-03-05
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized resource manipulation via improper authorization
Action: Patch
AI Analysis

Impact

The vulnerability allows an attacker to manipulate system resources by bypassing authorization checks. It is classified as CWE-863, indicating improper authorization. An attacker who can gain unauthorized access to modify resources could affect system integrity, potentially leading to uncontrolled configuration changes or data loss.

Affected Systems

Acronis Cyber Protect 17 on Linux and Microsoft Windows platforms is affected in all builds prior to build 41186. The issue exists across all documented operating systems listed for the product.

Risk and Exploitability

The CVSS score of 4.3 places this vulnerability in the Medium severity range, and the EPSS score of less than 1% indicates a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is either local or remote access to the application, where an attacker who has typically already authenticated can bypass the further permission checks that should apply.

Generated by OpenCVE AI on April 17, 2026 at 12:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Acronis Cyber Protect release (build 41186 or later) to eliminate the authorization flaw.
  • Restrict service and application user privileges to only those necessary for operation, removing or limiting accounts that could be used to manipulate resources.
  • Enable and regularly review audit logging for unauthorized resource changes to detect potential exploitation attempts.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 13:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Improper Authorization Enables Unauthorized Resource Manipulation in Acronis Cyber Protect |

Fri, 13 Mar 2026 16:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Acronis cyber Protect; Linux; Linux linux Kernel; Microsoft; Microsoft windows |
| CPEs | | cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*; cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*; cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
| Vendors & Products | | Acronis cyber Protect; Linux; Linux linux Kernel; Microsoft; Microsoft windows |

Mon, 09 Mar 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 06 Mar 2026 15:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Acronis; Acronis acronis Cyber Protect 17 |
| Vendors & Products | | Acronis; Acronis acronis Cyber Protect 17 |

Fri, 06 Mar 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. |
| Weaknesses | | CWE-863 |
| References | | |
| Metrics | | cvssV3_0 {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'} |


MITRE

Status: PUBLISHED

Assigner: Acronis

Published:

Updated: 2026-03-09T16:37:35.513Z

Reserved: 2026-03-03T02:29:03.754Z

Link: CVE-2026-28719

Vulnrichment

Updated: 2026-03-09T16:37:30.869Z

NVD

Status: Analyzed

Published: 2026-03-06T00:16:12.727

Modified: 2026-03-13T16:39:05.150

Link: CVE-2026-28719

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T12:45:16Z

Weaknesses