Description
Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902.
Published: 2026-04-10
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

An attacker can elevate privileges on an affected macOS system by exploiting improper handling of environment variables. The flaw allows a local user to acquire higher privileges, potentially controlling the machine, and stems from incorrect system configuration handling as described by CWE-15.

Affected Systems

The vulnerability affects Acronis True Image for macOS versions prior to build 42902 and Acronis True Image OEM for macOS versions prior to build 42571. Only the macOS editions are listed as impacted; other operating systems are not mentioned.

Risk and Exploitability

The CVSS base score of 7.8 denotes high severity. EPSS data is unavailable and the issue is not in the CISA KEV catalog. Attackers need local access and can manipulate environment variables to trigger the flaw, making the vector local and the risk significant enough to warrant swift remediation.

Generated by OpenCVE AI on April 10, 2026 at 14:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Acronis True Image to build 42902 or newer for macOS, and update True Image OEM to build 42571 or newer.
  • Verify the installed build numbers to confirm the vulnerability has been resolved.
  • If an immediate update is not possible, restrict untrusted users from launching the application with altered environment variables.

Generated by OpenCVE AI on April 10, 2026 at 14:37 UTC.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Values Removed: none
Values Added:

  • Title: Local Privilege Escalation via Improper Environment Variable Handling in Acronis True Image on macOS

Mon, 13 Apr 2026 13:00:00 +0000

Values Removed: none
Values Added:

  • First Time appeared: Acronis; Acronis acronis True Image Oem; Acronis true Image
  • Vendors & Products: Acronis; Acronis acronis True Image Oem; Acronis true Image

Fri, 10 Apr 2026 14:15:00 +0000

Values Removed: none
Values Added:

  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 10 Apr 2026 13:45:00 +0000

Values Removed: none
Values Added:

  • Description: Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902.
  • Weaknesses: CWE-15
  • References
  • Metrics: cvssV3_0 {'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Acronis

Published:

Updated: 2026-04-14T03:55:40.860Z

Reserved: 2026-04-01T00:44:58.740Z

Link: CVE-2026-33092

Vulnrichment

Updated: 2026-04-10T14:02:43.216Z

NVD

Status: Awaiting Analysis

Published: 2026-04-10T14:16:34.880

Modified: 2026-04-13T15:02:06.187

Link: CVE-2026-33092

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T13:06:03Z

Weaknesses