{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28717", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "state": "PUBLISHED", "assignerShortName": "Acronis", "dateReserved": "2026-03-03T02:29:03.753Z", "datePublished": "2026-03-05T23:53:46.001Z", "dateUpdated": "2026-03-09T13:42:55.003Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-03-05T23:53:46.001Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-276", "description": "CWE-276", "type": "CWE"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect 17", "platforms": ["Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "41186", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to improper directory permissions. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186."}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-8363", "name": "SEC-8363", "tags": ["vendor-advisory"]}], "credits": [{"lang": "en", "value": "@oriotie (https://hackerone.com/oriotie)", "type": "finder"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseScore": 5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-07T04:55:17.164157Z", "id": "CVE-2026-28717", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T13:42:55.003Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28717", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-07T04:55:17.164157Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T13:42:52.525Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "@oriotie (https://hackerone.com/oriotie)"}], "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect 17", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "41186", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-8363", "name": "SEC-8363", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to improper directory permissions. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276"}]}], "providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-03-05T23:53:46.001Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28717", "state": "PUBLISHED", "dateUpdated": "2026-03-09T13:42:55.003Z", "dateReserved": "2026-03-03T02:29:03.753Z", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "datePublished": "2026-03-05T23:53:46.001Z", "assignerShortName": "Acronis"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", "matchCriteriaId": "52FF13FE-B050-4333-B0E3-F7EE4AA98520", "versionEndExcluding": "17.0.41186", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to improper directory permissions. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186."}, {"lang": "es", "value": "Escalada de privilegios local debido a permisos de directorio incorrectos. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect 17 (Windows) anterior a la compilaci\u00f3n 41186."}], "id": "CVE-2026-28717", "lastModified": "2026-03-11T14:01:32.347", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.3, "impactScore": 3.6, "source": "security@acronis.com", "type": "Secondary"}]}, "published": "2026-03-06T00:16:12.363", "references": [{"source": "security@acronis.com", "tags": ["Vendor Advisory"], "url": "https://security-advisory.acronis.com/advisories/SEC-8363"}], "sourceIdentifier": "security@acronis.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "security@acronis.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["Windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,41186)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "acronis_cyber_protect_17", "vendor": "acronis"}], "analysis": {"en": {"generated_at": "2026-04-16T11:48:04.013926+00:00", "value": {"mitigation_remediation": ["Upgrade Acronis Cyber Protect 17 to build 41186 or later to obtain the directed permission fix.", "Verify that installation and data directories are owned by the intended administrative accounts and that write permissions are restricted to users who require them.", "Implement least\u2011privilege access controls to prevent non\u2011administrative local accounts from modifying application files or configurations."], "summary": {"action": "Patch", "impact": "Local privilege escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Acronis Cyber Protect 17 for Windows in builds prior to 41186. Users running older versions should verify their build number and consider upgrading to a supported release.", "description_and_impact": "Acronis Cyber Protect 17 on Windows may allow a local user with limited rights to gain administrative privileges by exploiting improperly set directory permissions. This flaw enables the user to modify application files or configuration data, which can lead to execution of arbitrary code or escalation to higher privileges. The weakness corresponds to CWE-276, improper authorization.", "risk_and_exploitability": "The CVSS score of 5.0 indicates medium severity. The Economics of Security Predictions Service shows a low exploitation probability (<1\u202f%). The vulnerability is not listed in the CISA KEV catalog. While no publicly documented exploit exists, the local attacker requirement means any machine with untrusted local accounts or weak user isolation could be targeted, making timely remediation advisable."}}}}, "created": "2026-03-06T14:56:24.865178+00:00", "title": "Local Privilege Escalation via Improper Directory Permissions in Acronis Cyber Protect 17", "updated": "2026-04-16T12:00:11.687406+00:00", "vendors": ["acronis", "acronis$PRODUCT$acronis_cyber_protect_17"]}