{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28728", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "state": "PUBLISHED", "assignerShortName": "Acronis", "dateReserved": "2026-03-03T02:29:03.755Z", "datePublished": "2026-04-02T17:04:45.425Z", "dateUpdated": "2026-04-03T03:55:46.690Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-04-02T17:04:45.425Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-427", "description": "CWE-427", "type": "CWE"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis True Image", "platforms": ["Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "42902", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902."}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-10401", "name": "SEC-10401", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}}], "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-28728"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T03:55:46.690Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28728", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-02T17:45:50.018100Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T17:45:52.347Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis True Image", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "42902", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-10401", "name": "SEC-10401", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427"}]}], "providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-04-02T17:04:45.425Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28728", "state": "PUBLISHED", "dateUpdated": "2026-04-03T03:55:46.690Z", "dateReserved": "2026-03-03T02:29:03.755Z", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "datePublished": "2026-04-02T17:04:45.425Z", "assignerShortName": "Acronis"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:acronis:true_image:*:*:*:*:*:windows:*:*", "matchCriteriaId": "2BB3F5C3-E7BF-458A-BB47-79B01F3DCF6E", "versionEndExcluding": "2026", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902."}], "id": "CVE-2026-28728", "lastModified": "2026-04-20T16:38:24.203", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "security@acronis.com", "type": "Secondary"}]}, "published": "2026-04-02T18:16:27.260", "references": [{"source": "security@acronis.com", "tags": ["Vendor Advisory"], "url": "https://security-advisory.acronis.com/advisories/SEC-10401"}], "sourceIdentifier": "security@acronis.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "security@acronis.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,42902)"}}], "enrichment": {"confidence": 82.0, "confidence_source": "matching", "scores": [{"score": 82.0, "source": "matching"}]}, "original": {"product": "Acronis True Image", "source": "cna", "vendor": "Acronis"}, "product": "true_image", "vendor": "acronis"}], "analysis": {"en": {"generated_at": "2026-04-02T21:58:33.782392+00:00", "value": {"mitigation_remediation": ["Upgrade Acronis True Image to build 42902 or later.", "Remove any untrusted or unknown DLLs from the Acronis installation directory.", "Apply operating\u2011system security patches and monitor for unauthorized DLLs."], "summary": {"action": "Patch Now", "impact": "Local privilege escalation via DLL hijacking"}, "threat_synthesis": {"affected_systems": "Acronis True Image for Windows versions prior to build 42902 are affected. The vulnerability is specific to Windows installations of this product.", "description_and_impact": "Acronis True Image on Windows contains a flaw in the way it loads Dynamic Link Libraries. A local attacker can place a malicious DLL in the program\u2019s search path, causing the application to load that DLL instead of the intended one. The resulting code execution can grant the attacker elevated privileges on the affected system, effectively allowing privilege escalation.", "risk_and_exploitability": "The CVSS score of 6.7 indicates medium severity. The attack path requires a local attacker or one who can write to the installation directory, so the exploit is limited to environments with local access. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, implying no widely reported exploitation yet. Nonetheless, the potential for privilege escalation warrants immediate remediation, and the likely attack vector is local DLL hijacking inferred from the description."}}}}, "created": "2026-04-03T08:58:15.595983+00:00", "updated": "2026-04-03T09:18:18.288347+00:00", "vendors": ["acronis", "acronis$PRODUCT$true_image"]}