{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28709", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "state": "PUBLISHED", "assignerShortName": "Acronis", "dateReserved": "2026-03-03T02:29:03.752Z", "datePublished": "2026-03-05T23:48:07.935Z", "dateUpdated": "2026-03-06T19:34:34.657Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-03-05T23:48:07.935Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-863", "description": "CWE-863", "type": "CWE"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect 17", "platforms": ["Linux", "Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "41186", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186."}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-5889", "name": "SEC-5889", "tags": ["vendor-advisory"]}], "credits": [{"lang": "en", "value": "@theelgo64 (https://hackerone.com/theelgo64)", "type": "finder"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-06T19:29:52.514872Z", "id": "CVE-2026-28709", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T19:34:34.657Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28709", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-06T19:29:52.514872Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T19:29:53.541Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "@theelgo64 (https://hackerone.com/theelgo64)"}], "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect 17", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "41186", "versionType": "semver"}], "platforms": ["Linux", "Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-5889", "name": "SEC-5889", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863"}]}], "providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-03-05T23:48:07.935Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28709", "state": "PUBLISHED", "dateUpdated": "2026-03-06T19:34:34.657Z", "dateReserved": "2026-03-03T02:29:03.752Z", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "datePublished": "2026-03-05T23:48:07.935Z", "assignerShortName": "Acronis"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", "matchCriteriaId": "52FF13FE-B050-4333-B0E3-F7EE4AA98520", "versionEndExcluding": "17.0.41186", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186."}, {"lang": "es", "value": "Manipulaci\u00f3n no autorizada de recursos debido a comprobaciones de autorizaci\u00f3n incorrectas. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect 17 (Linux, Windows) anterior a la compilaci\u00f3n 41186."}], "id": "CVE-2026-28709", "lastModified": "2026-03-12T18:26:28.180", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@acronis.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-06T00:16:11.153", "references": [{"source": "security@acronis.com", "tags": ["Vendor Advisory"], "url": "https://security-advisory.acronis.com/advisories/SEC-5889"}], "sourceIdentifier": "security@acronis.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security@acronis.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["Linux", "Windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,41186)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "acronis_cyber_protect_17", "vendor": "acronis"}], "analysis": {"en": {"generated_at": "2026-04-17T12:32:16.383958+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch to build 41186 or later.", "Restrict user and service accounts that access the Acronis application to the minimum privileges required for their role, following the principle of least privilege.", "Enable detailed logging for resource manipulation events, regularly monitor logs for anomalous activity, and investigate any unauthorized changes promptly."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Resource Manipulation"}, "threat_synthesis": {"affected_systems": "The affected products are Acronis Cyber Protect version 17 running on Linux and Windows operating systems, specifically any build before 41186. No other versions or platforms are listed, and the vulnerability does not appear to affect earlier releases or unrelated Acronis products.", "description_and_impact": "An improper authorization check in Acronis Cyber Protect allows an attacker to manipulate resources they should not have access to. The vulnerability is associated with CWE-863 (Authorization Bypass Through User-Controlled Key). While the description does not specify the exact exploitation path, it implies that an authenticated or unauthenticated user can trigger actions that bypass normal access controls, potentially leading to data tampering or service disruption. The impact is limited to the scope of the affected system but can compromise the integrity of protected data or system configuration.", "risk_and_exploitability": "The CVSS score is 4.3, indicating a moderate severity impact. The EPSS score is below 1%, suggesting low observed exploit activity to date. The vulnerability is not listed in CISA\u2019s KEV catalog. Given the improper authorization nature, the likely attack vector would involve a user with access to the Acronis application or a service running on the host. Exploitation would require successfully interacting with the affected component, potentially via standard user credentials, to perform unauthorized resource changes."}}}}, "created": "2026-03-06T14:56:31.834565+00:00", "title": "Improper Authorization Allows Unauthorized Resource Manipulation in Acronis Cyber Protect", "updated": "2026-04-17T12:45:16.114007+00:00", "vendors": ["acronis", "acronis$PRODUCT$acronis_cyber_protect_17"]}