Cyber Protect
by Acronis
CVEs (94)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-30410 | Cri | 0.64 | 9.8 | 0.01 | Feb 20, 2026 | Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938, Acronis Cyber Protect… | ||
| CVE-2024-34010 | Hig | 0.53 | 8.2 | 0.00 | Apr 29, 2024 | Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True Image (Windows) before build 42386,… | ||
| CVE-2026-28727 | Hig | 0.51 | 7.8 | 0.00 | Mar 6, 2026 | Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124, Acronis True Image (macOS) before build 42902. | ||
| CVE-2023-41743 | Hig | 0.51 | 7.8 | 0.00 | Aug 31, 2023 | Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15… | ||
| CVE-2025-48961 | Hig | 0.47 | 7.3 | 0.00 | Jun 4, 2025 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39938. | ||
| CVE-2023-48684 | Hig | 0.46 | 7.1 | 0.00 | Apr 29, 2024 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. | ||
| CVE-2025-30408 | Med | 0.44 | 6.7 | 0.00 | Apr 24, 2025 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 16 (Windows) before build 39938. | ||
| CVE-2024-8766 | Med | 0.44 | 6.7 | 0.00 | Sep 16, 2024 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235, Acronis Cyber Protect 16 (Windows) before build 39169. | ||
| CVE-2025-48960 | Med | 0.38 | 5.9 | 0.00 | Jun 4, 2025 | Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938. | ||
| CVE-2025-30409 | Med | 0.36 | 5.5 | 0.00 | Apr 24, 2025 | Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 17 (Windows) before build 41186. | ||
| CVE-2024-56414 | Med | 0.36 | 5.5 | 0.00 | Jan 2, 2025 | Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. | ||
| CVE-2024-55542 | Med | 0.29 | 4.4 | 0.00 | Jan 2, 2025 | Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895. | ||
| CVE-2025-48962 | Med | 0.28 | 4.3 | 0.00 | Jun 4, 2025 | Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938. | ||
| CVE-2022-30995 | 0.08 | — | 0.03 | May 3, 2023 | Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. | |||
| CVE-2022-3405 | 0.06 | — | 0.05 | May 3, 2023 | Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. | |||
| CVE-2026-28726 | 0.00 | — | 0.00 | Mar 5, 2026 | Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | |||
| CVE-2026-28725 | 0.00 | — | 0.00 | Mar 5, 2026 | Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | |||
| CVE-2026-28724 | 0.00 | — | 0.00 | Mar 5, 2026 | Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | |||
| CVE-2026-28723 | 0.00 | — | 0.00 | Mar 5, 2026 | Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | |||
| CVE-2026-28722 | 0.00 | — | 0.00 | Mar 5, 2026 | Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. |
- risk 0.64cvss 9.8epss 0.01
Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938, Acronis Cyber Protect…
- risk 0.53cvss 8.2epss 0.00
Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True Image (Windows) before build 42386,…
- risk 0.51cvss 7.8epss 0.00
Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124, Acronis True Image (macOS) before build 42902.
- risk 0.51cvss 7.8epss 0.00
Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15…
- risk 0.47cvss 7.3epss 0.00
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39938.
- risk 0.46cvss 7.1epss 0.00
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
- risk 0.44cvss 6.7epss 0.00
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 16 (Windows) before build 39938.
- risk 0.44cvss 6.7epss 0.00
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235, Acronis Cyber Protect 16 (Windows) before build 39169.
- risk 0.38cvss 5.9epss 0.00
Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938.
- risk 0.36cvss 5.5epss 0.00
Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 17 (Windows) before build 41186.
- risk 0.36cvss 5.5epss 0.00
Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
- risk 0.29cvss 4.4epss 0.00
Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895.
- risk 0.28cvss 4.3epss 0.00
Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938.
- CVE-2022-30995May 3, 2023risk 0.08cvss —epss 0.03
Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
- CVE-2022-3405May 3, 2023risk 0.06cvss —epss 0.05
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
- CVE-2026-28726Mar 5, 2026risk 0.00cvss —epss 0.00
Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
- CVE-2026-28725Mar 5, 2026risk 0.00cvss —epss 0.00
Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
- CVE-2026-28724Mar 5, 2026risk 0.00cvss —epss 0.00
Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
- CVE-2026-28723Mar 5, 2026risk 0.00cvss —epss 0.00
Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
- CVE-2026-28722Mar 5, 2026risk 0.00cvss —epss 0.00
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
Page 1 of 5