Description
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
Published: 2026-04-02
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local privilege escalation via DLL hijacking
Action: Patch Now
AI Analysis

Impact

Acronis True Image on Windows contains a flaw in the way it loads Dynamic Link Libraries. A local attacker can place a malicious DLL in the program’s search path, causing the application to load that DLL instead of the intended one. The resulting code execution can grant the attacker elevated privileges on the affected system.

Affected Systems

Acronis True Image for Windows versions prior to build 42902 are affected. The vulnerability is specific to Windows installations of this product.

Risk and Exploitability

The CVSS score of 6.7 indicates medium severity. The attack requires a local attacker, or one who can write to the installation directory, so exploitation is limited to environments with local access. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, implying no widely reported exploitation yet. Nonetheless, the potential for privilege escalation warrants immediate remediation. The likely attack vector, inferred from the description, is local DLL hijacking.

Generated by OpenCVE AI on April 2, 2026 at 21:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Acronis True Image to build 42902 or later.
  • Remove any untrusted or unknown DLLs from the Acronis installation directory.
  • Apply operating‑system security patches and monitor for unauthorized DLLs.



Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Acronis; Acronis true Image
Vendors & Products | | Acronis; Acronis true Image

Thu, 02 Apr 2026 20:30:00 +0000

Type | Values Removed | Values Added
Description | | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
Weaknesses | | CWE-427
References | |
Metrics | | cvssV3_0: {'score': 6.7, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: Acronis

Published:

Updated: 2026-04-03T03:55:46.690Z

Reserved: 2026-03-03T02:29:03.755Z

Link: CVE-2026-28728

Vulnrichment

Updated: 2026-04-02T17:45:52.347Z

NVD

Status: Awaiting Analysis

Published: 2026-04-02T18:16:27.260

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-28728

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T09:18:18Z

Weaknesses