{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28712", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "state": "PUBLISHED", "assignerShortName": "Acronis", "dateReserved": "2026-03-03T02:29:03.753Z", "datePublished": "2026-03-05T23:50:38.746Z", "dateUpdated": "2026-03-07T04:55:17.528Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-03-05T23:50:38.746Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-427", "description": "CWE-427", "type": "CWE"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect 17", "platforms": ["Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "41186", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186."}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-2332", "name": "SEC-2332", "tags": ["vendor-advisory"]}], "credits": [{"lang": "en", "value": "@vanitas (https://hackerone.com/vanitas)", "type": "finder"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-06T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-28712"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-07T04:55:17.528Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28712", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-06T19:31:17.724182Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T19:31:18.748Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "@vanitas (https://hackerone.com/vanitas)"}], "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect 17", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "41186", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-2332", "name": "SEC-2332", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427"}]}], "providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-03-05T23:50:38.746Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28712", "state": "PUBLISHED", "dateUpdated": "2026-03-07T04:55:17.528Z", "dateReserved": "2026-03-03T02:29:03.753Z", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "datePublished": "2026-03-05T23:50:38.746Z", "assignerShortName": "Acronis"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", "matchCriteriaId": "52FF13FE-B050-4333-B0E3-F7EE4AA98520", "versionEndExcluding": "17.0.41186", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186."}, {"lang": "es", "value": "Escalada de privilegios local debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect 17 (Windows) anterior a la compilaci\u00f3n 41186."}], "id": "CVE-2026-28712", "lastModified": "2026-03-11T14:00:40.600", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.2, "source": "security@acronis.com", "type": "Secondary"}]}, "published": "2026-03-06T00:16:11.593", "references": [{"source": "security@acronis.com", "tags": ["Vendor Advisory"], "url": "https://security-advisory.acronis.com/advisories/SEC-2332"}], "sourceIdentifier": "security@acronis.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "security@acronis.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["Windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,41186)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "acronis_cyber_protect_17", "vendor": "acronis"}], "analysis": {"en": {"generated_at": "2026-04-16T11:49:41.452405+00:00", "value": {"mitigation_remediation": ["Upgrade Acronis Cyber Protect to build 41186 or newer, which contains the DLL hijacking fix.", "If an immediate update is not possible, remove or rename the vulnerable DLL directory from the system PATH or adjust the DLL search order policy to prevent loading of unsigned DLLs by the application.", "Ensure the underlying Windows operating system is kept current with security patches, as the DLL search order behavior may be influenced by OS-level updates."], "summary": {"action": "Patch", "impact": "Local Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Acronis Cyber Protect 17 on Windows, versions prior to build 41186 are vulnerable. No other products or vendors are listed as affected in the advisory.", "description_and_impact": "A local attacker can elevate privileges by placing a malicious DLL in a directory that is searched before the legitimate DLL used by Acronis Cyber Protect. The flaw allows exploitation without direct network access, leveraging Windows DLL search order to load attacker-controlled code with the application's privileges. The vulnerability is a classic path traversal and DLL hijacking issue, catalogued as CWE\u2011427, and can compromise system integrity if the malicious code is executed with administrative rights.", "risk_and_exploitability": "The CVSS base score of 6.3 indicates moderate severity, while the EPSS score of less than 1% suggests a low likelihood of widespread exploitation. The vulnerability is not present in the CISA KEV catalog. Based on the description, the attack vector is local; an attacker must already have access to the target machine to place or replace the DLL. The condition for exploitation requires write access to a path in the DLL search order, which is typical for local privilege escalation scenarios."}}}}, "created": "2026-03-06T14:56:29.115510+00:00", "title": "DLL Hijacking Enables Local Privilege Escalation in Acronis Cyber Protect 17", "updated": "2026-04-16T12:00:11.689047+00:00", "vendors": ["acronis", "acronis$PRODUCT$acronis_cyber_protect_17"]}