Skip to main content

Windows CVE-2026-28721

HIGH
Externally Controlled Reference to a Resource in Another Sphere (CWE-610)
2026-03-06 security@acronis.com
Windows Privilege Escalation Cyber Protect
7.3
CVSS 3.0
Share

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:06 vuln.today
CVE Published
Mar 06, 2026 - 00:16 nvd
HIGH 7.3

DescriptionNVD

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.

AnalysisAI

Acronis Cyber Protect 17 for Windows before build 41186 allows local attackers with standard user privileges to escalate to system-level access through improper handling of symbolic links. An authenticated attacker can exploit this vulnerability to gain full control over the affected system, including the ability to read, modify, or delete sensitive data and execute arbitrary code. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify all systems running Acronis Cyber Protect 17 (Windows) build 41186 or earlier and document exposure. Within 7 days: Implement network segmentation to restrict local access to Acronis services, disable unnecessary local account privileges, and enforce multi-factor authentication for administrative access. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-28721 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy