Skip to main content

Agent CVE-2025-11790

MEDIUM
Incorrect Permission Assignment for Critical Resource (CWE-732)
2026-03-06 security@acronis.com
4.4
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
4.4 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:06 vuln.today
CVE Published
Mar 06, 2026 - 00:16 nvd
MEDIUM 4.4

DescriptionCVE.org

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.

AnalysisAI

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. [CVSS 4.4 MEDIUM]

Technical ContextAI

This vulnerability (CWE-732: Incorrect Permission Assignment for Critical Resource) Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.

RemediationAI

Monitor vendor advisories for a patch.

More in Agent

View all
CVE-2018-6703 CRITICAL
9.8 Dec 11

Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows re

CVE-2022-1257 MEDIUM POC
5.5 Apr 14

Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a loca

CVE-2016-3984 MEDIUM POC
5.1 Apr 08

The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.

CVE-2021-1257 HIGH
8.8 Jan 20

A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remot

CVE-2023-1388 HIGH
8.1 Jun 07

A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macm

CVE-2023-41743 HIGH
7.8 Aug 31

Local privilege escalation due to insecure driver communication port permissions. Rated high severity (CVSS 7.8), this v

CVE-2025-5480 HIGH
7.8 Jun 06

Local privilege escalation vulnerability in Action1 where an attacker with low-privileged code execution can exploit an

CVE-2024-8996 HIGH
7.8 Sep 25

Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from L

CVE-2023-44209 HIGH
7.8 Oct 04

Local privilege escalation due to improper soft link handling. Rated high severity (CVSS 7.8), this vulnerability is low

CVE-2023-41744 HIGH
7.8 Aug 31

Local privilege escalation due to unrestricted loading of unsigned libraries. Rated high severity (CVSS 7.8), this vulne

CVE-2023-0976 HIGH
7.8 Jun 07

A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file

CVE-2023-0975 HIGH
7.8 Apr 03

A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/u

Share

CVE-2025-11790 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy