{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28721", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "state": "PUBLISHED", "assignerShortName": "Acronis", "dateReserved": "2026-03-03T02:29:03.754Z", "datePublished": "2026-03-05T23:55:01.493Z", "dateUpdated": "2026-03-09T13:42:36.222Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-03-05T23:55:01.493Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-610", "description": "CWE-610", "type": "CWE"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect 17", "platforms": ["Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "41186", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186."}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-8445", "name": "SEC-8445", "tags": ["vendor-advisory"]}], "credits": [{"lang": "en", "value": "@vultza (https://hackerone.com/vultza)", "type": "finder"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-07T04:55:15.780059Z", "id": "CVE-2026-28721", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T13:42:36.222Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28721", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-07T04:55:15.780059Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T13:42:31.809Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "@vultza (https://hackerone.com/vultza)"}], "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect 17", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "41186", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-8445", "name": "SEC-8445", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-610", "description": "CWE-610"}]}], "providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-03-05T23:55:01.493Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28721", "state": "PUBLISHED", "dateUpdated": "2026-03-09T13:42:36.222Z", "dateReserved": "2026-03-03T02:29:03.754Z", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "datePublished": "2026-03-05T23:55:01.493Z", "assignerShortName": "Acronis"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*", "matchCriteriaId": "52FF13FE-B050-4333-B0E3-F7EE4AA98520", "versionEndExcluding": "17.0.41186", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186."}, {"lang": "es", "value": "Escalada de privilegios local debido al manejo inadecuado de enlaces simb\u00f3licos. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect 17 (Windows) anterior a la compilaci\u00f3n 41186."}], "id": "CVE-2026-28721", "lastModified": "2026-03-11T14:01:42.663", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "security@acronis.com", "type": "Secondary"}]}, "published": "2026-03-06T00:16:13.053", "references": [{"source": "security@acronis.com", "tags": ["Vendor Advisory"], "url": "https://security-advisory.acronis.com/advisories/SEC-8445"}], "sourceIdentifier": "security@acronis.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-610"}], "source": "security@acronis.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["Windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,41186)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "acronis_cyber_protect_17", "vendor": "acronis"}], "analysis": {"en": {"generated_at": "2026-04-17T12:30:48.634451+00:00", "value": {"mitigation_remediation": ["Apply the official Acronis Cyber Protect\u202f17 update to build\u202f41186 or newer, which removes the hard\u2011coded soft\u2011link handling flaw.", "If a patch is not yet available, restrict local accounts that can create or modify symbolic links by limiting the permissions granted to the Acronis service process, thereby preventing the manipulation of link targets.", "Enforce Windows local security policy hardening to implement least privilege, particularly restricting write access to directories used by Acronis, which reduces the opportunity to abuse the vulnerable functionality."], "summary": {"action": "Patch", "impact": "Local Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Acronis Cyber Protect 17 running on Windows operating systems, specifically versions released before build 41186. No other vendors or product lines are mentioned in the CVE data.", "description_and_impact": "A local privilege escalation vulnerability exists in Acronis Cyber Protect 17 for Windows. The flaw stems from improper handling of symbolic links, allowing a local user to manipulate file paths in a way that elevates privileges. Because the vulnerability is classified as CWE\u2011610, it involves authorization bypass by accessing or writing to file objects that should be protected. The impact is the ability of an attacker with local access to read or modify privileged files, thereby compromising system integrity and confidentiality.", "risk_and_exploitability": "The CVSS score of 7.3 places the vulnerability in the high severity range, but the EPSS score of less than 1% indicates that exploitation is unlikely in the short term. The CVE is not listed in the CISA KEV catalog, further reducing immediate threat. Attacks would require local access and the creation or manipulation of symbolic links, meaning only a user with some local privileges could exploit it. Once the flaw is leveraged, the attacker can elevate privileges within the system, potentially enabling further compromise."}}}}, "created": "2026-03-06T14:56:21.537831+00:00", "title": "Local Privilege Escalation through Improper Soft Link Handling in Acronis Cyber Protect 17", "updated": "2026-04-17T12:45:16.109998+00:00", "vendors": ["acronis", "acronis$PRODUCT$acronis_cyber_protect_17"]}