Severity by source
AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
AnalysisAI
Local privilege escalation in Acronis True Image for Windows before build 42902 exploits DLL hijacking to allow authenticated users to escalate privileges. An attacker with local access and valid credentials can manipulate DLL load paths during application execution, requiring user interaction (such as opening a file or launching a feature), to gain elevated system privileges. This vulnerability has a CVSS score of 6.7 and affects all versions prior to the patched build.
Technical ContextAI
The vulnerability stems from CWE-427 (Uncontrolled Search Path Element), a classic DLL hijacking flaw where the application searches for dynamically loaded libraries in directories where an attacker can place malicious DLL files before the legitimate system directories are checked. Acronis True Image, a Windows-based backup and system imaging utility, fails to implement secure DLL loading practices such as hardcoded absolute paths or DLL pinning. The attack requires local file system access and exploitation is contingent on a user interaction trigger-the application must execute code that attempts to load the hijacked DLL. This is a local-attack-vector vulnerability (AV:L) with high complexity (AC:H) reflecting the need for specific conditions and user action (UI:R) to succeed.
RemediationAI
Users should upgrade Acronis True Image for Windows to build 42902 or later, which contains the vendor-released patch addressing the DLL hijacking vulnerability. The patch implements secure DLL loading mechanisms to prevent untrusted search-path exploitation. Detailed upgrade instructions and the patched build availability are provided in the Acronis advisory at https://security-advisory.acronis.com/advisories/SEC-10401. Until patching is possible, users should restrict local access to systems running vulnerable versions and avoid opening untrusted files or features from directories where attackers might stage malicious DLLs.
Same weakness CWE-427 – Uncontrolled Search Path Element
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18420
GHSA-r5hg-g2g5-9h8f