Skip to main content

Acronis DeviceLock DLP EUVDEUVD-2026-34173

| CVE-2026-42061 HIGH
Execution with Unnecessary Privileges (CWE-250)
2026-06-03 security@acronis.com GHSA-jgh4-c962-w9qg
7.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
Jun 03, 2026 - 22:01 EUVD
Analysis Generated
Jun 03, 2026 - 20:31 vuln.today
CVE Published
Jun 03, 2026 - 20:16 nvd
HIGH 7.3

DescriptionCVE.org

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.

AnalysisAI

Local privilege escalation in Acronis DeviceLock DLP for Windows before build 9.0.15051.93227 allows a low-privileged authenticated user to gain elevated privileges by abusing excessive permissions inherited by child processes spawned by the agent. With CVSS 7.3 and a high impact across confidentiality, integrity, and availability, successful exploitation requires user interaction and local access, and no public exploit identified at time of analysis.

Technical ContextAI

DeviceLock DLP is an endpoint data loss prevention agent that runs with elevated privileges on Windows hosts to enforce device and channel control policies. The root cause maps to CWE-250 (Execution with Unnecessary Privileges): the protected agent process spawns child processes without dropping or restricting its inherited security token, so a child inherits a privilege set far broader than its function requires. On Windows, this typically manifests as inherited SYSTEM-level or high-integrity tokens, handles, or impersonation rights that an attacker can leverage to break out of the intended sandbox boundary and execute code in the parent's security context. The CPE scope per the vendor advisory is limited to the Windows build of DeviceLock DLP prior to 9.0.15051.93227.

RemediationAI

Vendor-released patch: upgrade Acronis DeviceLock DLP for Windows to build 9.0.15051.93227 or later, distributing the update via your standard DeviceLock management console as described in the Acronis advisory at https://security-advisory.acronis.com/advisories/SEC-3083. No vendor-published workaround is referenced; if patching must be deferred, compensating controls include restricting interactive logon and software-execution rights on endpoints where DeviceLock is deployed (via AppLocker or WDAC allowlisting) to reduce the population of local users who can trigger the vulnerable child-process flow, and increasing EDR sensitivity to unexpected child processes of DeviceLock service binaries - both add management overhead and may generate false positives against legitimate admin tooling. Avoid stopping or unloading the DeviceLock agent as a mitigation, since doing so disables the DLP control the product is deployed to enforce.

Share

EUVD-2026-34173 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy