Acronis Cyber Protect 17: Unrestricted access to sensitive files on Windows

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.0

Acronis Cyber Protect 17: Unrestricted access to sensitive files on Windows

CVE-2026-28717

Summary

An older version of Acronis Cyber Protect 17 for Windows has incorrect directory permissions, potentially allowing unauthorized access to sensitive files. This could be exploited by an attacker with local access to gain elevated privileges. Update to the latest version to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
acronis	cyber_protect	<= 17.0.41186	–

Original title

Local privilege escalation due to improper directory permissions. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.

Original description

Local privilege escalation due to improper directory permissions. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.

nvd CVSS3.0 5.0

Vulnerability type

CWE-276 Incorrect Default Permissions

https://security-advisory.acronis.com/advisories/SEC-8363

Published: 6 Mar 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026