Acronis Cyber Protect 17: Unauthorized report deletion risk

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

4.3

Acronis Cyber Protect 17: Unauthorized report deletion risk

CVE-2026-28723

Summary

Acronis Cyber Protect 17, used for backup and security, has a security issue that allows attackers to delete reports without permission. This means that sensitive data, like backup logs, could be deleted by someone who shouldn't have access to them. Update to version 17 build 41186 or later to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
acronis	cyber_protect	<= 17.0.41186	–

Original title

Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Original description

Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

nvd CVSS3.0 4.3

Vulnerability type

CWE-863 Incorrect Authorization

https://security-advisory.acronis.com/advisories/SEC-8486

Published: 6 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026