Local Privilege Escalation in Acronis Products
CVE-2026-41220
7.8 HIGH
Key Information:
- Vendor: Acronis
- CVE Published: 29 April 2026
What is CVE-2026-41220?
Improper input validation in Acronis products allows local privilege escalation. A local attacker can potentially exploit this weakness to gain higher privileges on affected Windows builds of Acronis DeviceLock DLP prior to version 9.0.93212 and Acronis Cyber Protect Cloud Agent prior to version 42183. Installations in the affected range should be updated to a build outside it to mitigate this risk and preserve system integrity.
Affected Version(s)
Acronis Cyber Protect Cloud Agent Windows < 42183
Acronis DeviceLock DLP Windows < 9.0.93212
CVSS V3.0
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Kolja Grassmann (Neodyme AG), contact@neodyme.io