Description
Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.
Published: 2026-06-03
Score: 7.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Acronis DeviceLock DLP is vulnerable to local privilege escalation through an EXE hijacking flaw, a form of path manipulation in which a malicious file can replace or alter a legitimate executable, enabling an attacker to run code with elevated rights. This weakness is catalogued as CWE-427 (Uncontrolled Search Path Element). The vulnerability allows a user with local access to gain higher privileges, potentially compromising the entire system.

Affected Systems

Products affected are Acronis DeviceLock DLP for Windows; any installation prior to build 9.0.15051.93227 is impacted.

Risk and Exploitability

The CVSS score of 7.3 is rated High. No EPSS score is provided, and the flaw is not listed in CISA's KEV catalog, suggesting it is not widely exploited yet. Exploitation requires local user context (the CVSS vector specifies AV:L, PR:L and UI:R, meaning local access, low privileges and user interaction), with an attacker replacing a legitimate executable or manipulating file paths to execute malicious code. Successful exploitation results in elevated user privileges rather than remote code execution, but can lead to full system compromise if the privileged process has broad access.

Generated by OpenCVE AI on June 3, 2026 at 21:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an updated build of Acronis DeviceLock DLP that is 9.0.15051.93227 or newer, as released by the vendor.
  • Implement filesystem monitoring and restrict user permissions to limit the ability to replace executables, mitigating the impact of similar path manipulation attempts.
  • Deploy application whitelisting or enforce execution policies to detect and block unauthorized executable replacements.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 22:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Local Privilege Escalation via EXE Hijacking in Acronis DeviceLock DLP |

Wed, 03 Jun 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. |
| Weaknesses | | CWE-427 |
| References | | |
| Metrics | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'} |

MITRE

Status: PUBLISHED

Assigner: Acronis

Published:

Updated: 2026-06-03T19:25:39.997Z

Reserved: 2026-06-03T16:03:01.812Z

Link: CVE-2026-44609

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-03T20:16:21.310

Modified: 2026-06-03T20:16:21.310

Link: CVE-2026-44609

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T22:00:15Z
