{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28711", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "state": "PUBLISHED", "assignerShortName": "Acronis", "dateReserved": "2026-03-03T02:29:03.753Z", "datePublished": "2026-03-05T23:50:16.116Z", "dateUpdated": "2026-03-07T04:55:19.021Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-03-05T23:50:16.116Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-427", "description": "CWE-427", "type": "CWE"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect 17", "platforms": ["Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "41186", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186."}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-2330", "name": "SEC-2330", "tags": ["vendor-advisory"]}], "credits": [{"lang": "en", "value": "@vanitas (https://hackerone.com/vanitas)", "type": "finder"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-06T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-28711"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-07T04:55:19.021Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28711", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-06T19:31:19.768678Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T19:31:20.866Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "@vanitas (https://hackerone.com/vanitas)"}], "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect 17", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "41186", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-2330", "name": "SEC-2330", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427"}]}], "providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-03-05T23:50:16.116Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28711", "state": "PUBLISHED", "dateUpdated": "2026-03-07T04:55:19.021Z", "dateReserved": "2026-03-03T02:29:03.753Z", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "datePublished": "2026-03-05T23:50:16.116Z", "assignerShortName": "Acronis"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", "matchCriteriaId": "52FF13FE-B050-4333-B0E3-F7EE4AA98520", "versionEndExcluding": "17.0.41186", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186."}, {"lang": "es", "value": "Escalada de privilegios local debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect 17 (Windows) anterior a la compilaci\u00f3n 41186."}], "id": "CVE-2026-28711", "lastModified": "2026-03-11T14:01:54.483", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.2, "source": "security@acronis.com", "type": "Secondary"}]}, "published": "2026-03-06T00:16:11.450", "references": [{"source": "security@acronis.com", "tags": ["Vendor Advisory"], "url": "https://security-advisory.acronis.com/advisories/SEC-2330"}], "sourceIdentifier": "security@acronis.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "security@acronis.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["Windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,41186)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "acronis_cyber_protect_17", "vendor": "acronis"}], "analysis": {"en": {"generated_at": "2026-04-17T12:31:47.487601+00:00", "value": {"mitigation_remediation": ["Apply the Acronis update that raises the software build to 41186 or newer, as described in the vendor advisory.", "If an update is unavailable, restrict write permissions to the Acronis installation and DLL search directories to prevent unauthorized DLL placement.", "Enable Windows integrity controls such as AppLocker or Windows Defender Credential Guard to block unauthorized DLL loading and enforce the execution of signed binaries."], "summary": {"action": "Apply Patch", "impact": "Local privilege escalation"}, "threat_synthesis": {"affected_systems": "Acronis Cyber Protect 17 for Windows, versions prior to build 41186, are affected. The vulnerability is present in all revisions of this product before the specified build and applies to Windows operating systems used with the software.", "description_and_impact": "Acronis Cyber Protect 17 contains a DLL hijacking vulnerability that allows an attacker with local access to execute arbitrary code with elevated privileges. The flaw is tied to missing validation of the DLL loading path, making it possible to replace a legitimate library with a malicious variant. The weakness is classified as CWE-427, leading to privilege escalation, integrity breach, and potential system compromise.", "risk_and_exploitability": "The CVSS score of 6.3 categorizes the risk as medium, while the EPSS score of <1% indicates a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread attacks. Exploitation requires local access to the target system and the ability to place a malicious DLL in the directory examined by the application. Attackers would need administrative or at least write permissions to the installation directory or its search path, making this a local privilege escalation vector."}}}}, "created": "2026-03-06T14:56:29.924010+00:00", "title": "Local Privilege Escalation via DLL Hijacking in Acronis Cyber Protect 17", "updated": "2026-04-17T12:45:16.113334+00:00", "vendors": ["acronis", "acronis$PRODUCT$acronis_cyber_protect_17"]}