What is the CVSS score of CVE-2026-28713?

CVE-2026-28713 has a CVSS 3.0 base score of 7.1 (High). CVSS vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L. EPSS exploitation probability: 0.0%.

Which versions of Agent are affected by CVE-2026-28713?

Virtual appliance deployments of Acronis Cyber Protect Cloud Agent and Cyber Protect 17 on VMware infrastructure contain hard-coded default credentials that could allow unauthorized local privileged…

Agent CVE-2026-28713

HIGH

Use of Default Credentials (CWE-1392)

2026-03-06 security@acronis.com

Information Disclosure Agent Cyber Protect

7.1

CVSS 3.0

CVSS VectorNVD

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

CVE Published

Mar 06, 2026 - 00:16 nvd

HIGH 7.1

DescriptionNVD

Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VMware) before build 41186.

AnalysisAI

Acronis Cyber Protect and Agent virtual appliances on VMware contain hardcoded default credentials for local privileged accounts, allowing attackers with network access and user interaction to gain high-level system access and potentially modify or disrupt backup operations. The vulnerability affects Cyber Protect Cloud Agent (VMware) before build 36943 and Cyber Protect 17 (VMware) before build 41186, with no patch currently available. …

RemediationAI

Within 24 hours: Identify and inventory all Acronis Virtual Appliance deployments on VMware with affected builds (Cloud Agent <36943, Cyber Protect 17 <41186); isolate systems from production networks if possible. Within 7 days: Implement mandatory credential rotation for all local privileged accounts on affected appliances and restrict network access via firewall rules to authorized administrators only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-28713 vulnerability details – vuln.today

Back

Agent CVE-2026-28713

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code