Sign in Get started

← All vendors

Vendor

Acronis

Sign in to watch

Products

7

CVEs

15

Across products

29

Status

Private

Products

7

Recent CVEs

15

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2023-44208	Cri	0.59	9.1	0.00		Oct 4, 2023	Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575.
CVE-2017-3219	Hig	0.57	8.8	0.00		Jun 21, 2017	Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash.
CVE-2026-28727	Hig	0.51	7.8	0.00		Mar 6, 2026	Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124, Acronis True Image (macOS) before build 42902.
CVE-2023-48677	Hig	0.51	7.8	0.00		Dec 12, 2023	Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938, Acronis True Image OEM (Windows) before build 42575.
CVE-2022-46869	Hig	0.51	7.8	0.00		Aug 31, 2023	Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis True Image OEM (Windows) before build 42575.
CVE-2023-41743	Hig	0.51	7.8	0.00		Aug 31, 2023	Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979, Acronis True Image OEM (Windows) before build 42575.
CVE-2023-5042	Hig	0.49	7.5	0.00		Sep 20, 2023	Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575.
CVE-2026-33271	Med	0.44	6.7	0.00		Apr 2, 2026	Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902.
CVE-2026-28728	Med	0.44	6.7	0.00		Apr 2, 2026	Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
CVE-2026-27774	Med	0.44	6.7	0.00		Apr 2, 2026	Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
CVE-2008-1410		0.04	—	0.11		Mar 20, 2008	Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.
CVE-2008-1411		0.04	—	0.10		Mar 20, 2008	The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.
CVE-2008-3671		0.00	—	0.00		Aug 13, 2008	Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1279		0.00	—	0.01		Mar 10, 2008	Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read.
CVE-2008-1280		0.00	—	0.01		Mar 10, 2008	Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference.