Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for Acronis True Image by Acronis

    CVE-2026-33092 (GCVE-0-2026-33092)

    Vulnerability from nvd – Published: 2026-04-10 13:17 – Updated: 2026-04-14 03:55
    VLAI
    Summary
    Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis True Image OEM Affected: unspecified , < 42571 (semver)
    Create a notification for this product.
    Acronis Acronis True Image Affected: unspecified , < 42902 (semver)
    Create a notification for this product.
    Credits
    @aiqitut (https://hackerone.com/aiqitut)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33092",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T03:55:40.860Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42571",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42902",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@aiqitut (https://hackerone.com/aiqitut)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-15",
                  "description": "CWE-15",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:17:45.275Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-9407",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-9407"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2026-33092",
        "datePublished": "2026-04-10T13:17:45.275Z",
        "dateReserved": "2026-04-01T00:44:58.740Z",
        "dateUpdated": "2026-04-14T03:55:40.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33271 (GCVE-0-2026-33271)

    Vulnerability from nvd – Published: 2026-04-02 17:06 – Updated: 2026-04-03 03:55
    VLAI
    Summary
    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis True Image Affected: unspecified , < 42902 (semver)
    Create a notification for this product.
    Credits
    @s3nds3c (https://hackerone.com/s3nds3c)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33271",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-03T03:55:49.028Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42902",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@s3nds3c (https://hackerone.com/s3nds3c)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T17:06:24.089Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-9108",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-9108"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2026-33271",
        "datePublished": "2026-04-02T17:06:24.089Z",
        "dateReserved": "2026-04-01T00:44:58.761Z",
        "dateUpdated": "2026-04-03T03:55:49.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28728 (GCVE-0-2026-28728)

    Vulnerability from nvd – Published: 2026-04-02 17:04 – Updated: 2026-04-03 03:55
    VLAI
    Summary
    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis True Image Affected: unspecified , < 42902 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28728",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-03T03:55:46.690Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42902",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T17:04:45.425Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-10401",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-10401"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2026-28728",
        "datePublished": "2026-04-02T17:04:45.425Z",
        "dateReserved": "2026-03-03T02:29:03.755Z",
        "dateUpdated": "2026-04-03T03:55:46.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27774 (GCVE-0-2026-27774)

    Vulnerability from nvd – Published: 2026-04-02 17:05 – Updated: 2026-04-03 03:55
    VLAI
    Summary
    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis True Image Affected: unspecified , < 42902 (semver)
    Create a notification for this product.
    Credits
    @chipotle_chili (https://hackerone.com/chipotle_chili)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-03T03:55:47.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42902",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@chipotle_chili (https://hackerone.com/chipotle_chili)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T17:05:19.178Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-10057",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-10057"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2026-27774",
        "datePublished": "2026-04-02T17:05:19.178Z",
        "dateReserved": "2026-04-01T00:44:58.734Z",
        "dateUpdated": "2026-04-03T03:55:47.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28727 (GCVE-0-2026-28727)

    Vulnerability from nvd – Published: 2026-03-05 23:45 – Updated: 2026-04-02 17:05
    VLAI
    Summary
    Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124, Acronis True Image (macOS) before build 42902.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect 17 Affected: unspecified , < 41186 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 41124 (semver)
    Create a notification for this product.
    Acronis Acronis True Image Affected: unspecified , < 42902 (semver)
    Create a notification for this product.
    Credits
    @aiqitut (https://hackerone.com/aiqitut)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28727",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-07T04:55:25.648024Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T13:47:56.786Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis Cyber Protect 17",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41186",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41124",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42902",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@aiqitut (https://hackerone.com/aiqitut)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124, Acronis True Image (macOS) before build 42902."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T17:05:54.369Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-9408",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-9408"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2026-28727",
        "datePublished": "2026-03-05T23:45:20.331Z",
        "dateReserved": "2026-03-03T02:29:03.754Z",
        "dateUpdated": "2026-04-02T17:05:54.369Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7779 (GCVE-0-2025-7779)

    Vulnerability from nvd – Published: 2025-09-30 14:52 – Updated: 2026-04-10 13:17
    VLAI
    Summary
    Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    @nullevent (https://hackerone.com/nullevent) Carlos Garrido (https://pentraze.com/vulnerability-reports) Pentraze Cyber Security (https://pentraze.com/vulnerability-reports)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7779",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-01T03:55:58.283462Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:47.347Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42389",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image for SanDisk",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42198",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image for Western Digital",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42197",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42571",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@nullevent (https://hackerone.com/nullevent)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Carlos Garrido (https://pentraze.com/vulnerability-reports)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Pentraze Cyber Security (https://pentraze.com/vulnerability-reports)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:17:25.600Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-8193",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-8193"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2025-7779",
        "datePublished": "2025-09-30T14:52:46.494Z",
        "dateReserved": "2025-07-17T22:39:45.615Z",
        "dateUpdated": "2026-04-10T13:17:25.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11178 (GCVE-0-2025-11178)

    Vulnerability from nvd – Published: 2025-09-30 14:52 – Updated: 2026-04-10 13:16
    VLAI
    Summary
    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386, Acronis True Image for Western Digital (Windows) before build 42636, Acronis True Image for SanDisk (Windows) before build 42679, Acronis True Image OEM (Windows) before build 42575.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    @satz4797 (https://hackerone.com/satz4797)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11178",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-01T03:55:57.464131Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:47.868Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42386",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image for Western Digital",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42636",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image for SanDisk",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42679",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42575",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@satz4797 (https://hackerone.com/satz4797)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386, Acronis True Image for Western Digital (Windows) before build 42636, Acronis True Image for SanDisk (Windows) before build 42679, Acronis True Image OEM (Windows) before build 42575."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:16:25.613Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-7078",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-7078"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2025-11178",
        "datePublished": "2025-09-30T14:52:20.711Z",
        "dateReserved": "2025-09-29T22:35:29.171Z",
        "dateUpdated": "2026-04-10T13:16:25.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-55538 (GCVE-0-2024-55538)

    Vulnerability from nvd – Published: 2025-01-02 14:14 – Updated: 2026-04-10 13:13
    VLAI
    Summary
    Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736, Acronis True Image OEM (macOS) before build 42571, Acronis True Image OEM (Windows) before build 42575.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis True Image Affected: unspecified , < 41725 (semver)
    Create a notification for this product.
    Acronis Acronis True Image Affected: unspecified , < 41736 (semver)
    Create a notification for this product.
    Acronis Acronis True Image OEM Affected: unspecified , < 42571 (semver)
    Create a notification for this product.
    Acronis Acronis True Image OEM Affected: unspecified , < 42575 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-55538",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-02T14:49:50.590543Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-02T14:49:58.959Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41725",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41736",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42571",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42575",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736, Acronis True Image OEM (macOS) before build 42571, Acronis True Image OEM (Windows) before build 42575."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:13:54.412Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-2209",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-2209"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2024-55538",
        "datePublished": "2025-01-02T14:14:20.929Z",
        "dateReserved": "2024-12-06T17:33:33.991Z",
        "dateUpdated": "2026-04-10T13:13:54.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-49385 (GCVE-0-2024-49385)

    Vulnerability from nvd – Published: 2025-01-02 14:14 – Updated: 2026-04-10 13:14
    VLAI
    Summary
    Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736, Acronis True Image OEM (Windows) before build 42575.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis True Image Affected: unspecified , < 41736 (semver)
    Create a notification for this product.
    Acronis Acronis True Image OEM Affected: unspecified , < 42575 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49385",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-02T14:49:00.691607Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-02T14:49:09.334Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41736",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42575",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736, Acronis True Image OEM (Windows) before build 42575."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:14:22.671Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-2397",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-2397"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2024-49385",
        "datePublished": "2025-01-02T14:14:35.360Z",
        "dateReserved": "2024-10-14T15:01:16.473Z",
        "dateUpdated": "2026-04-10T13:14:22.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-34013 (GCVE-0-2024-34013)

    Vulnerability from nvd – Published: 2024-07-18 13:36 – Updated: 2026-04-10 13:17
    VLAI
    Summary
    Local privilege escalation due to OS command injection vulnerability. The following products are affected: Acronis True Image (macOS) before build 41396, Acronis True Image OEM (macOS) before build 42571.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis True Image Affected: unspecified , < 41396 (semver)
    Create a notification for this product.
    Acronis Acronis True Image OEM Affected: unspecified , < 42571 (semver)
    Create a notification for this product.
    acronis true_image Affected: 0 , < 41396 (semver)
        cpe:2.3:a:acronis:true_image:-:*:*:*:*:macos:*:*
    Create a notification for this product.
    Credits
    @redwise (https://hackerone.com/redwise)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:acronis:true_image:-:*:*:*:*:macos:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "true_image",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "41396",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34013",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-18T18:00:18.497346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-18T18:02:12.850Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:43:00.176Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-7035",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-7035"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41396",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42571",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@redwise (https://hackerone.com/redwise)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to OS command injection vulnerability. The following products are affected: Acronis True Image (macOS) before build 41396, Acronis True Image OEM (macOS) before build 42571."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:17:05.518Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-7035",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-7035"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2024-34013",
        "datePublished": "2024-07-18T13:36:39.924Z",
        "dateReserved": "2024-04-29T15:33:32.845Z",
        "dateUpdated": "2026-04-10T13:17:05.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-34010 (GCVE-0-2024-34010)

    Vulnerability from nvd – Published: 2024-04-29 15:48 – Updated: 2026-04-10 13:16
    VLAI
    Summary
    Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True Image (Windows) before build 42386, Acronis True Image OEM (Windows) before build 42575.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 37758 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 16 Affected: unspecified , < 38690 (semver)
    Create a notification for this product.
    Acronis Acronis True Image Affected: unspecified , < 42386 (semver)
    Create a notification for this product.
    Acronis Acronis True Image OEM Affected: unspecified , < 42575 (semver)
    Create a notification for this product.
    acronis cyber_protect_cloud_agent Affected: - , < build_37758 (custom)
        cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    @cyberexplorer (https://hackerone.com/cyberexplorer)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cyber_protect_cloud_agent",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "build_37758",
                    "status": "affected",
                    "version": "-",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34010",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-29T16:59:36.817995Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:42:35.400Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:42:59.932Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-7110",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-7110"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "37758",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect 16",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "38690",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42386",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42575",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@cyberexplorer (https://hackerone.com/cyberexplorer)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True Image (Windows) before build 42386, Acronis True Image OEM (Windows) before build 42575."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:16:47.709Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-7110",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-7110"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2024-34010",
        "datePublished": "2024-04-29T15:48:14.398Z",
        "dateReserved": "2024-04-29T15:33:32.845Z",
        "dateUpdated": "2026-04-10T13:16:47.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33092 (GCVE-0-2026-33092)

    Vulnerability from cvelistv5 – Published: 2026-04-10 13:17 – Updated: 2026-04-14 03:55
    VLAI
    Summary
    Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis True Image OEM Affected: unspecified , < 42571 (semver)
    Create a notification for this product.
    Acronis Acronis True Image Affected: unspecified , < 42902 (semver)
    Create a notification for this product.
    Credits
    @aiqitut (https://hackerone.com/aiqitut)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33092",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T03:55:40.860Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42571",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42902",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@aiqitut (https://hackerone.com/aiqitut)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-15",
                  "description": "CWE-15",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:17:45.275Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-9407",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-9407"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2026-33092",
        "datePublished": "2026-04-10T13:17:45.275Z",
        "dateReserved": "2026-04-01T00:44:58.740Z",
        "dateUpdated": "2026-04-14T03:55:40.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33271 (GCVE-0-2026-33271)

    Vulnerability from cvelistv5 – Published: 2026-04-02 17:06 – Updated: 2026-04-03 03:55
    VLAI
    Summary
    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis True Image Affected: unspecified , < 42902 (semver)
    Create a notification for this product.
    Credits
    @s3nds3c (https://hackerone.com/s3nds3c)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33271",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-03T03:55:49.028Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42902",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@s3nds3c (https://hackerone.com/s3nds3c)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T17:06:24.089Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-9108",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-9108"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2026-33271",
        "datePublished": "2026-04-02T17:06:24.089Z",
        "dateReserved": "2026-04-01T00:44:58.761Z",
        "dateUpdated": "2026-04-03T03:55:49.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27774 (GCVE-0-2026-27774)

    Vulnerability from cvelistv5 – Published: 2026-04-02 17:05 – Updated: 2026-04-03 03:55
    VLAI
    Summary
    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis True Image Affected: unspecified , < 42902 (semver)
    Create a notification for this product.
    Credits
    @chipotle_chili (https://hackerone.com/chipotle_chili)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-03T03:55:47.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42902",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@chipotle_chili (https://hackerone.com/chipotle_chili)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T17:05:19.178Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-10057",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-10057"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2026-27774",
        "datePublished": "2026-04-02T17:05:19.178Z",
        "dateReserved": "2026-04-01T00:44:58.734Z",
        "dateUpdated": "2026-04-03T03:55:47.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28728 (GCVE-0-2026-28728)

    Vulnerability from cvelistv5 – Published: 2026-04-02 17:04 – Updated: 2026-04-03 03:55
    VLAI
    Summary
    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis True Image Affected: unspecified , < 42902 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28728",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-03T03:55:46.690Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42902",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T17:04:45.425Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-10401",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-10401"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2026-28728",
        "datePublished": "2026-04-02T17:04:45.425Z",
        "dateReserved": "2026-03-03T02:29:03.755Z",
        "dateUpdated": "2026-04-03T03:55:46.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28727 (GCVE-0-2026-28727)

    Vulnerability from cvelistv5 – Published: 2026-03-05 23:45 – Updated: 2026-04-02 17:05
    VLAI
    Summary
    Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124, Acronis True Image (macOS) before build 42902.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect 17 Affected: unspecified , < 41186 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 41124 (semver)
    Create a notification for this product.
    Acronis Acronis True Image Affected: unspecified , < 42902 (semver)
    Create a notification for this product.
    Credits
    @aiqitut (https://hackerone.com/aiqitut)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28727",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-07T04:55:25.648024Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T13:47:56.786Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis Cyber Protect 17",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41186",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41124",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42902",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@aiqitut (https://hackerone.com/aiqitut)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124, Acronis True Image (macOS) before build 42902."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T17:05:54.369Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-9408",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-9408"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2026-28727",
        "datePublished": "2026-03-05T23:45:20.331Z",
        "dateReserved": "2026-03-03T02:29:03.754Z",
        "dateUpdated": "2026-04-02T17:05:54.369Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7779 (GCVE-0-2025-7779)

    Vulnerability from cvelistv5 – Published: 2025-09-30 14:52 – Updated: 2026-04-10 13:17
    VLAI
    Summary
    Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    @nullevent (https://hackerone.com/nullevent) Carlos Garrido (https://pentraze.com/vulnerability-reports) Pentraze Cyber Security (https://pentraze.com/vulnerability-reports)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7779",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-01T03:55:58.283462Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:47.347Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42389",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image for SanDisk",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42198",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image for Western Digital",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42197",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42571",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@nullevent (https://hackerone.com/nullevent)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Carlos Garrido (https://pentraze.com/vulnerability-reports)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Pentraze Cyber Security (https://pentraze.com/vulnerability-reports)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:17:25.600Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-8193",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-8193"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2025-7779",
        "datePublished": "2025-09-30T14:52:46.494Z",
        "dateReserved": "2025-07-17T22:39:45.615Z",
        "dateUpdated": "2026-04-10T13:17:25.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11178 (GCVE-0-2025-11178)

    Vulnerability from cvelistv5 – Published: 2025-09-30 14:52 – Updated: 2026-04-10 13:16
    VLAI
    Summary
    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386, Acronis True Image for Western Digital (Windows) before build 42636, Acronis True Image for SanDisk (Windows) before build 42679, Acronis True Image OEM (Windows) before build 42575.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    @satz4797 (https://hackerone.com/satz4797)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11178",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-01T03:55:57.464131Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:47.868Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42386",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image for Western Digital",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42636",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image for SanDisk",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42679",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42575",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@satz4797 (https://hackerone.com/satz4797)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386, Acronis True Image for Western Digital (Windows) before build 42636, Acronis True Image for SanDisk (Windows) before build 42679, Acronis True Image OEM (Windows) before build 42575."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:16:25.613Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-7078",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-7078"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2025-11178",
        "datePublished": "2025-09-30T14:52:20.711Z",
        "dateReserved": "2025-09-29T22:35:29.171Z",
        "dateUpdated": "2026-04-10T13:16:25.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-49385 (GCVE-0-2024-49385)

    Vulnerability from cvelistv5 – Published: 2025-01-02 14:14 – Updated: 2026-04-10 13:14
    VLAI
    Summary
    Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736, Acronis True Image OEM (Windows) before build 42575.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis True Image Affected: unspecified , < 41736 (semver)
    Create a notification for this product.
    Acronis Acronis True Image OEM Affected: unspecified , < 42575 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49385",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-02T14:49:00.691607Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-02T14:49:09.334Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41736",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42575",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736, Acronis True Image OEM (Windows) before build 42575."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:14:22.671Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-2397",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-2397"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2024-49385",
        "datePublished": "2025-01-02T14:14:35.360Z",
        "dateReserved": "2024-10-14T15:01:16.473Z",
        "dateUpdated": "2026-04-10T13:14:22.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-55538 (GCVE-0-2024-55538)

    Vulnerability from cvelistv5 – Published: 2025-01-02 14:14 – Updated: 2026-04-10 13:13
    VLAI
    Summary
    Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736, Acronis True Image OEM (macOS) before build 42571, Acronis True Image OEM (Windows) before build 42575.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis True Image Affected: unspecified , < 41725 (semver)
    Create a notification for this product.
    Acronis Acronis True Image Affected: unspecified , < 41736 (semver)
    Create a notification for this product.
    Acronis Acronis True Image OEM Affected: unspecified , < 42571 (semver)
    Create a notification for this product.
    Acronis Acronis True Image OEM Affected: unspecified , < 42575 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-55538",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-02T14:49:50.590543Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-02T14:49:58.959Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41725",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41736",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42571",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42575",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736, Acronis True Image OEM (macOS) before build 42571, Acronis True Image OEM (Windows) before build 42575."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:13:54.412Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-2209",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-2209"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2024-55538",
        "datePublished": "2025-01-02T14:14:20.929Z",
        "dateReserved": "2024-12-06T17:33:33.991Z",
        "dateUpdated": "2026-04-10T13:13:54.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-34013 (GCVE-0-2024-34013)

    Vulnerability from cvelistv5 – Published: 2024-07-18 13:36 – Updated: 2026-04-10 13:17
    VLAI
    Summary
    Local privilege escalation due to OS command injection vulnerability. The following products are affected: Acronis True Image (macOS) before build 41396, Acronis True Image OEM (macOS) before build 42571.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis True Image Affected: unspecified , < 41396 (semver)
    Create a notification for this product.
    Acronis Acronis True Image OEM Affected: unspecified , < 42571 (semver)
    Create a notification for this product.
    acronis true_image Affected: 0 , < 41396 (semver)
        cpe:2.3:a:acronis:true_image:-:*:*:*:*:macos:*:*
    Create a notification for this product.
    Credits
    @redwise (https://hackerone.com/redwise)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:acronis:true_image:-:*:*:*:*:macos:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "true_image",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "41396",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34013",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-18T18:00:18.497346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-18T18:02:12.850Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:43:00.176Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-7035",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-7035"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "41396",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "macOS"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42571",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@redwise (https://hackerone.com/redwise)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to OS command injection vulnerability. The following products are affected: Acronis True Image (macOS) before build 41396, Acronis True Image OEM (macOS) before build 42571."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:17:05.518Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-7035",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-7035"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2024-34013",
        "datePublished": "2024-07-18T13:36:39.924Z",
        "dateReserved": "2024-04-29T15:33:32.845Z",
        "dateUpdated": "2026-04-10T13:17:05.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-34010 (GCVE-0-2024-34010)

    Vulnerability from cvelistv5 – Published: 2024-04-29 15:48 – Updated: 2026-04-10 13:16
    VLAI
    Summary
    Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True Image (Windows) before build 42386, Acronis True Image OEM (Windows) before build 42575.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 37758 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 16 Affected: unspecified , < 38690 (semver)
    Create a notification for this product.
    Acronis Acronis True Image Affected: unspecified , < 42386 (semver)
    Create a notification for this product.
    Acronis Acronis True Image OEM Affected: unspecified , < 42575 (semver)
    Create a notification for this product.
    acronis cyber_protect_cloud_agent Affected: - , < build_37758 (custom)
        cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    @cyberexplorer (https://hackerone.com/cyberexplorer)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cyber_protect_cloud_agent",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "build_37758",
                    "status": "affected",
                    "version": "-",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34010",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-29T16:59:36.817995Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:42:35.400Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:42:59.932Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-7110",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-7110"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "37758",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect 16",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "38690",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42386",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42575",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@cyberexplorer (https://hackerone.com/cyberexplorer)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True Image (Windows) before build 42386, Acronis True Image OEM (Windows) before build 42575."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:16:47.709Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-7110",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-7110"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2024-34010",
        "datePublished": "2024-04-29T15:48:14.398Z",
        "dateReserved": "2024-04-29T15:33:32.845Z",
        "dateUpdated": "2026-04-10T13:16:47.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }