Unauthorized Report Deletion in Acronis Cyber Protect by Acronis
CVE-2026-28723

4.3MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect 17
Vendor: CVE Published:; 5 March 2026

What is CVE-2026-28723?

Acronis Cyber Protect 17 is affected by a vulnerability that enables unauthorized deletion of reports due to inadequate access controls. This issue poses significant risks as it can lead to loss of critical audit trails and may compromise data integrity for users relying on the product for backup and cybersecurity management. Users are advised to upgrade to build 41186 or later to mitigate this vulnerability.

Affected Version(s)

Acronis Cyber Protect 17 Linux < 41186

References

https://security-advisory.acronis.com/advisories/SEC-8486

vendor-advisory

CVSS V3.0

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 5, 2026
Vulnerability Reserved
Mar 3, 2026

Credit

@vultza (https://hackerone.com/vultza)

CVE-2026-28723 Data

JSON