Local Privilege Escalation in Acronis DeviceLock DLP for Windows
CVE-2026-25852

6.7 MEDIUM

Key Information:

Vendor: Acronis
CVE Published: 29 April 2026

What is CVE-2026-25852?

A vulnerability exists in Acronis DeviceLock DLP for Windows that allows attackers to escalate privileges locally through DLL hijacking. By manipulating specific DLL files, an unauthorized user could execute arbitrary code with higher privileges than intended. This flaw affects versions prior to build 9.0.93212, making systems running this product susceptible to exploitation. Regular updates and a review of DLL file handling practices are advised to mitigate potential security risks.

Affected Version(s)

Acronis DeviceLock DLP Windows < 9.0.93212

CVSS V3.0

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

@satz4797 (https://hackerone.com/satz4797)