Acronis Cyber Protect 16 (Linux)
by Acronis
CVEs (90)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-28710 | 0.00 | — | 0.00 | Mar 5, 2026 | Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | |||
| CVE-2026-28709 | 0.00 | — | 0.00 | Mar 5, 2026 | Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | |||
| CVE-2025-11791 | 0.00 | — | 0.00 | Mar 5, 2026 | Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. | |||
| CVE-2025-30416 | 0.00 | — | 0.00 | Feb 20, 2026 | Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800. | |||
| CVE-2025-30412 | 0.00 | — | 0.00 | Feb 20, 2026 | Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800. | |||
| CVE-2025-30411 | 0.00 | — | 0.00 | Feb 20, 2026 | Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800. | |||
| CVE-2024-55541 | 0.00 | — | 0.00 | Jan 2, 2025 | Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169. | |||
| CVE-2024-55540 | 0.00 | — | 0.00 | Jan 2, 2025 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. | |||
| CVE-2024-55543 | 0.00 | — | 0.00 | Jan 2, 2025 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. | |||
| CVE-2024-49388 | 0.00 | — | 0.00 | Oct 15, 2024 | Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||
| CVE-2024-49387 | 0.00 | — | 0.00 | Oct 15, 2024 | Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||
| CVE-2024-49384 | 0.00 | — | 0.00 | Oct 15, 2024 | Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||
| CVE-2024-49383 | 0.00 | — | 0.00 | Oct 15, 2024 | Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||
| CVE-2024-49382 | 0.00 | — | 0.00 | Oct 15, 2024 | Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||
| CVE-2022-45449 | 0.00 | — | 0.01 | Jul 16, 2024 | Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. | |||
| CVE-2023-48682 | 0.00 | — | 0.00 | Feb 27, 2024 | Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||
| CVE-2023-48681 | 0.00 | — | 0.01 | Feb 27, 2024 | Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||
| CVE-2023-48680 | 0.00 | — | 0.00 | Feb 27, 2024 | Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391. | |||
| CVE-2023-48679 | 0.00 | — | 0.01 | Feb 27, 2024 | Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||
| CVE-2023-48678 | 0.00 | — | 0.00 | Feb 27, 2024 | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. |
- CVE-2026-28710Mar 5, 2026risk 0.00cvss —epss 0.00
Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
- CVE-2026-28709Mar 5, 2026risk 0.00cvss —epss 0.00
Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
- CVE-2025-11791Mar 5, 2026risk 0.00cvss —epss 0.00
Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.
- CVE-2025-30416Feb 20, 2026risk 0.00cvss —epss 0.00
Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
- CVE-2025-30412Feb 20, 2026risk 0.00cvss —epss 0.00
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
- CVE-2025-30411Feb 20, 2026risk 0.00cvss —epss 0.00
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
- CVE-2024-55541Jan 2, 2025risk 0.00cvss —epss 0.00
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169.
- CVE-2024-55540Jan 2, 2025risk 0.00cvss —epss 0.00
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
- CVE-2024-55543Jan 2, 2025risk 0.00cvss —epss 0.00
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
- CVE-2024-49388Oct 15, 2024risk 0.00cvss —epss 0.00
Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
- CVE-2024-49387Oct 15, 2024risk 0.00cvss —epss 0.00
Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
- CVE-2024-49384Oct 15, 2024risk 0.00cvss —epss 0.00
Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
- CVE-2024-49383Oct 15, 2024risk 0.00cvss —epss 0.00
Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
- CVE-2024-49382Oct 15, 2024risk 0.00cvss —epss 0.00
Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
- CVE-2022-45449Jul 16, 2024risk 0.00cvss —epss 0.01
Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.
- CVE-2023-48682Feb 27, 2024risk 0.00cvss —epss 0.00
Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
- CVE-2023-48681Feb 27, 2024risk 0.00cvss —epss 0.01
Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
- CVE-2023-48680Feb 27, 2024risk 0.00cvss —epss 0.00
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391.
- CVE-2023-48679Feb 27, 2024risk 0.00cvss —epss 0.01
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
- CVE-2023-48678Feb 27, 2024risk 0.00cvss —epss 0.00
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
Page 2 of 5