Description
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902.
Published: 2026-04-02
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Patch
AI Analysis

Impact

The vulnerability is a local privilege escalation flaw caused by insecure folder permissions in Acronis True Image. A non‑privileged user can read, modify, or delete files that should be protected, allowing the attacker to assume administrative rights. This could lead to the installation of malware, data theft, or other malicious actions.

Affected Systems

Acronis True Image for Windows, all builds before 42902. Users running these builds should treat them as vulnerable.

Risk and Exploitability

The CVSS base score is 6.7, indicating medium severity. No EPSS value is available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires local access and an existing user account; an attacker who escalates from that account to higher privileges can compromise the system. The risk is higher on systems with standard user accounts and insecure permissions.

Generated by OpenCVE AI on April 2, 2026 at 21:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Acronis True Image update (build 42902 or later).
  • If the update is not yet available, restrict permissions on the vulnerable folders to remove access for standard users.
  • Verify that folder permissions adhere to least privilege principles.
  • Monitor user accounts for unexpected privilege escalation.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Local Privilege Escalation via Insecure Folder Permissions in Acronis True Image (before build 42902) |
| First Time appeared | | Acronis; Acronis true Image |
| Vendors & Products | | Acronis; Acronis true Image |

Thu, 02 Apr 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902. |
| Weaknesses | | CWE-732 |
| References | | |
| Metrics | | cvssV3_0: {'score': 6.7, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |

MITRE

Status: PUBLISHED

Assigner: Acronis

Published:

Updated: 2026-04-03T03:55:49.028Z

Reserved: 2026-04-01T00:44:58.761Z

Link: CVE-2026-33271

Vulnrichment

Updated: 2026-04-02T17:47:01.219Z

NVD

Status: Awaiting Analysis

Published: 2026-04-02T18:16:27.903

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-33271

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T09:18:16Z
