{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28710", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "state": "PUBLISHED", "assignerShortName": "Acronis", "dateReserved": "2026-03-03T02:29:03.752Z", "datePublished": "2026-03-05T23:48:48.088Z", "dateUpdated": "2026-03-07T04:55:20.943Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-03-05T23:48:48.088Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1390", "description": "CWE-1390", "type": "CWE"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect 17", "platforms": ["Linux", "Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "41186", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186."}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-9137", "name": "SEC-9137", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-06T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-28710"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-07T04:55:20.943Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28710", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-06T19:31:22.232051Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T19:31:23.392Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect 17", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "41186", "versionType": "semver"}], "platforms": ["Linux", "Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-9137", "name": "SEC-9137", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1390", "description": "CWE-1390"}]}], "providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-03-05T23:48:48.088Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28710", "state": "PUBLISHED", "dateUpdated": "2026-03-07T04:55:20.943Z", "dateReserved": "2026-03-03T02:29:03.752Z", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "datePublished": "2026-03-05T23:48:48.088Z", "assignerShortName": "Acronis"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", "matchCriteriaId": "52FF13FE-B050-4333-B0E3-F7EE4AA98520", "versionEndExcluding": "17.0.41186", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186."}, {"lang": "es", "value": "Revelaci\u00f3n de informaci\u00f3n sensible y manipulaci\u00f3n debido a autenticaci\u00f3n incorrecta. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect 17 (Linux, Windows) anterior a la compilaci\u00f3n 41186."}], "id": "CVE-2026-28710", "lastModified": "2026-03-12T18:25:51.837", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security@acronis.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-06T00:16:11.300", "references": [{"source": "security@acronis.com", "tags": ["Vendor Advisory"], "url": "https://security-advisory.acronis.com/advisories/SEC-9137"}], "sourceIdentifier": "security@acronis.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1390"}], "source": "security@acronis.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux", "windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,41186)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "acronis_cyber_protect_17", "vendor": "acronis"}], "analysis": {"en": {"generated_at": "2026-04-18T17:29:46.718060+00:00", "value": {"mitigation_remediation": ["Apply the latest Acronis Cyber Protect update that includes the fix for build 41186 or later.", "If an update is not available, restrict the Acronis service by blocking its ports or limiting access through firewall rules.", "Monitor authentication and data access logs for suspicious activity."], "summary": {"action": "Patch", "impact": "Sensitive Data Disclosure"}, "threat_synthesis": {"affected_systems": "Acronis Cyber Protect 17 on Linux and Windows prior to build 41186.", "description_and_impact": "This vulnerability arises from an improper authentication mechanism that allows an attacker to bypass the intended login checks and gain unauthorized read or modification rights to protected data stored by Acronis Cyber Protect. The flaw is identified as CWE-1390, which highlights the failure to properly handle authentication and authorization conditions. The impact is a potential exposure of any data the application manages, leading to confidentiality compromise.", "risk_and_exploitability": "Based on the description, it is inferred that the attack vector is remote network exposure, with crafted requests that do not carry valid credentials. The CVSS score of 9.8 denotes a high severity exposure. The EPSS score of less than 1% suggests that exploitation is not common at the time of this assessment, yet the vulnerability can be triggered remotely when the service is reachable. The issue is not listed in CISA\u2019s KEV catalog, but because it removes authentication safeguards, any actor able to reach the Acronis service can immediately obtain access to sensitive information."}}}}, "created": "2026-03-06T14:56:30.932854+00:00", "title": "Authentication Bypass Causing Sensitive Data Exposure in Acronis Cyber Protect 17", "updated": "2026-04-18T17:30:05.962621+00:00", "vendors": ["acronis", "acronis$PRODUCT$acronis_cyber_protect_17"]}