Acronis Cyber Protect 17 (Windows) allows attackers to gain elevated privileges

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.3

Acronis Cyber Protect 17 (Windows) allows attackers to gain elevated privileges

CVE-2026-28721

Summary

A vulnerability in Acronis Cyber Protect 17 for Windows allows an attacker to gain elevated privileges on the system. This can happen if an attacker creates a malicious soft link, potentially allowing them to access sensitive data or take control of the system. Users should update to the latest version of Acronis Cyber Protect 17 (build 41186 or later) to resolve this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
acronis	cyber_protect	<= 17.0.41186	–

Original title

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.

Original description

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.

nvd CVSS3.0 7.3

Vulnerability type

CWE-610

https://security-advisory.acronis.com/advisories/SEC-8445

Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026