Skip to main content

Microsoft CVE-2026-27774

| EUVDEUVD-2026-18418 MEDIUM
Uncontrolled Search Path Element (CWE-427)
2026-04-02 Acronis GHSA-phg3-8rj7-h8r5
6.7
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
42902
EUVD ID Assigned
Apr 02, 2026 - 17:30 euvd
EUVD-2026-18418
Analysis Generated
Apr 02, 2026 - 17:30 vuln.today
CVE Published
Apr 02, 2026 - 17:05 nvd
MEDIUM 6.7

DescriptionCVE.org

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.

AnalysisAI

Local privilege escalation in Acronis True Image (Windows) before build 42902 allows authenticated users with low privileges to gain high-integrity access through DLL hijacking. An attacker with local user access can exploit unsafe DLL loading to execute arbitrary code with elevated permissions, requiring user interaction (e.g., triggering a specific application action). No public exploit code or active exploitation has been confirmed at the time of analysis.

Technical ContextAI

This vulnerability stems from CWE-427 (Uncontrolled Search Path Element), a classic DLL hijacking weakness in Windows applications. Acronis True Image loads dynamic libraries without properly validating their source or search order, allowing an attacker to place a malicious DLL in a location where the application searches before the legitimate system directory. The attack exploits the Windows DLL loading mechanism, particularly when applications use relative paths or search the current working directory before system directories. The affected product (CPE: cpe:2.3:a:acronis:acronis_true_image:*:*:*:*:*:*:*:*) uses unsafe library resolution that fails to enforce code signing or validate DLL integrity before loading.

RemediationAI

Upgrade Acronis True Image (Windows) to build 42902 or later, which contains the fix for the DLL hijacking vulnerability. Users can verify their current build number via Help > About or the system tray application menu. Acronis recommends applying this update as soon as possible, especially in multi-user environments where non-administrators routinely use the product. As a temporary mitigation, restrict permissions on Acronis application directories to prevent unprivileged users from writing DLL files to locations that the application searches during startup. However, this workaround is not a substitute for patching and should only be deployed when immediate upgrade is impossible. Refer to the official advisory at https://security-advisory.acronis.com/advisories/SEC-10057 for detailed update instructions and validation steps.

Share

CVE-2026-27774 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy