{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28713", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "state": "PUBLISHED", "assignerShortName": "Acronis", "dateReserved": "2026-03-03T02:29:03.753Z", "datePublished": "2026-03-05T23:51:30.830Z", "dateUpdated": "2026-03-07T04:55:22.751Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-03-05T23:51:30.830Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1392", "description": "CWE-1392", "type": "CWE"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect Cloud Agent", "platforms": ["VMware"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "36943", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Acronis", "product": "Acronis Cyber Protect 17", "platforms": ["VMware"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "41186", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VMware) before build 41186."}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-4168", "name": "SEC-4168", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-06T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-28713"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-07T04:55:22.751Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28713", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-06T19:31:15.569579Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T19:31:16.739Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect Cloud Agent", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "36943", "versionType": "semver"}], "platforms": ["VMware"], "defaultStatus": "unaffected"}, {"vendor": "Acronis", "product": "Acronis Cyber Protect 17", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "41186", "versionType": "semver"}], "platforms": ["VMware"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-4168", "name": "SEC-4168", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VMware) before build 41186."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1392", "description": "CWE-1392"}]}], "providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-03-05T23:51:30.830Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28713", "state": "PUBLISHED", "dateUpdated": "2026-03-07T04:55:22.751Z", "dateReserved": "2026-03-03T02:29:03.753Z", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "datePublished": "2026-03-05T23:51:30.830Z", "assignerShortName": "Acronis"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CA4F1C-287B-4557-8974-B00A924543AC", "versionEndExcluding": "c23.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", "matchCriteriaId": "52FF13FE-B050-4333-B0E3-F7EE4AA98520", "versionEndExcluding": "17.0.41186", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VMware) before build 41186."}, {"lang": "es", "value": "Credenciales predeterminadas establecidas para el usuario privilegiado local en el Dispositivo Virtual. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect Cloud Agent (VMware) antes de la compilaci\u00f3n 36943, Acronis Cyber Protect 17 (VMware) antes de la compilaci\u00f3n 41186."}], "id": "CVE-2026-28713", "lastModified": "2026-03-13T16:37:26.227", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.5, "source": "security@acronis.com", "type": "Secondary"}]}, "published": "2026-03-06T00:16:11.750", "references": [{"source": "security@acronis.com", "tags": ["Vendor Advisory"], "url": "https://security-advisory.acronis.com/advisories/SEC-4168"}], "sourceIdentifier": "security@acronis.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1392"}], "source": "security@acronis.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["VMware"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,41186)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "acronis_cyber_protect_17", "vendor": "acronis"}, {"configurations": [{"platform": ["vmware"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,36943)"}}], "enrichment": {"confidence": 89.0, "confidence_source": "matching", "scores": [{"score": 89.0, "source": "matching"}]}, "original": {"product": "Acronis Cyber Protect Cloud Agent", "source": "cna", "vendor": "Acronis"}, "product": "cyber_protect_cloud_agent", "vendor": "acronis"}], "analysis": {"en": {"generated_at": "2026-04-17T12:31:29.750962+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011recommended patch for Acronis Cyber Protect 17, upgrading to build 41186 or later.", "Apply the vendor\u2011recommended patch for Acronis Cyber Protect Cloud Agent upgrading to build 36943 or later.", "If a patch is not immediately available, disable external management access to the virtual appliance and enforce strict authentication controls until remediation can be applied."], "summary": {"action": "Apply Patch", "impact": "Local Privilege Escalation via default credentials"}, "threat_synthesis": {"affected_systems": "Affected systems include Acronis Cyber Protect 17 (VMware) with build numbers below 41186 and Acronis Cyber Protect Cloud Agent (VMware) with build numbers below 36943, representing virtual appliances that expose default credentials.", "description_and_impact": "The vulnerability arises because Acronis Virtual Appliance contains a default credentials set for a local privileged user. If an attacker can authenticate with these default credentials, they may gain privileged access to the appliance. This flaw permits local privilege escalation, which could potentially affect confidentiality, integrity, or availability of the protected environment.", "risk_and_exploitability": "The CVSS base score of 7.1 indicates high severity, while the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. It is likely that exploitation requires local access to the virtual appliance; an attacker would need to reach the appliance\u2019s management interface and then authenticate with the default credentials. Once authenticated, the attacker could potentially perform privileged operations, making this a high-impact local privilege escalation."}}}}, "created": "2026-03-06T14:56:28.317274+00:00", "title": "Default Credentials in Acronis Virtual Appliance Enable Local Privilege Escalation", "updated": "2026-04-17T12:45:16.112303+00:00", "vendors": ["acronis", "acronis$PRODUCT$acronis_cyber_protect_17", "acronis$PRODUCT$cyber_protect_cloud_agent"]}