PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-33092 Acronis CVE debrief

A local privilege escalation vulnerability exists in Acronis True Image for macOS due to improper handling of environment variables. The flaw allows an attacker with local access and low privileges to escalate to higher privileges without user interaction, potentially achieving full confidentiality, integrity, and availability impact on affected systems. The vulnerability stems from CWE-15: External Control of System or Configuration Setting, where environment variables are not properly sanitized or validated before use in privileged operations.

Vendor
Acronis
Product
Acronis True Image OEM
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-10
Original CVE updated
2026-05-19
Advisory published
2026-04-10
Advisory updated
2026-05-19

Who should care

macOS system administrators deploying Acronis True Image in enterprise environments; security teams managing endpoint backup solutions; organizations with compliance requirements for privilege separation on macOS workstations.

Technical summary

The vulnerability exists in the macOS implementation of Acronis True Image where environment variables are improperly handled during privileged operations. An attacker with local access can manipulate environment variables to influence the behavior of Acronis processes running with elevated privileges. The attack requires low privileges and no user interaction, with low attack complexity. Successful exploitation yields high impact across confidentiality, integrity, and availability dimensions. The fix involves updated builds that properly sanitize environment variable inputs before use in privileged contexts.
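To illustrate the fix class the summary describes (sanitizing an inherited environment before a privileged operation), here is an added Python example; it is not Acronis code, and its allowlist, fixed PATH and blocked prefixes are assumptions rather than values taken from the advisory.

```python
"""Added example (not Acronis code): sanitize an inherited environment
before a privileged helper runs, the CWE-15 pattern this debrief describes.
The allowlist, fixed PATH and blocked prefixes below are assumptions."""
import os
import subprocess

# Variables a privileged helper may legitimately inherit (assumed allowlist).
ALLOWED_VARS = {"HOME", "USER", "LANG", "TMPDIR"}

# Fixed, caller-independent search path for anything the helper executes.
SAFE_PATH = "/usr/bin:/bin:/usr/sbin:/sbin"

# Prefixes that let a caller alter how the dynamic loader or a runtime behaves;
# a privileged process must never accept these from an unprivileged caller.
BLOCKED_PREFIXES = ("DYLD_", "LD_", "PYTHON", "PERL", "RUBY")


def sanitize_env(inherited: dict) -> dict:
    """Return a fresh environment holding only allowlisted variables plus a
    fixed PATH. Everything else supplied by the caller is dropped."""
    clean = {}
    for name, value in inherited.items():
        if name.startswith(BLOCKED_PREFIXES):
            continue  # loader/runtime control variables are never inherited
        if name in ALLOWED_VARS and "\0" not in value:
            clean[name] = value
    clean["PATH"] = SAFE_PATH  # always overwrite; never trust the caller's PATH
    return clean


def rejected_vars(inherited: dict) -> list:
    """Names the caller supplied that are dropped or replaced; worth logging
    as evidence of attempts to influence a privileged helper."""
    return sorted(n for n in inherited
                  if n.startswith(BLOCKED_PREFIXES) or n not in ALLOWED_VARS)


def run_privileged(argv: list, inherited=None) -> subprocess.CompletedProcess:
    """Run a helper with the sanitized environment instead of os.environ."""
    env = sanitize_env(os.environ if inherited is None else dict(inherited))
    return subprocess.run(argv, env=env, capture_output=True, text=True, check=False)


if __name__ == "__main__":
    # Constructed sample: a caller environment carrying loader-control variables.
    sample = {"HOME": "/Users/demo", "PATH": "/tmp/untrusted:/usr/bin",
              "DYLD_INSERT_LIBRARIES": "/tmp/x.dylib", "LANG": "en_US.UTF-8"}
    print(sanitize_env(sample))
    print(rejected_vars(sample))
```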

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade Acronis True Image OEM (macOS) to build 42571 or later
  • Upgrade Acronis True Image (macOS) to build 42902 or later
  • Audit and restrict local user privileges on macOS endpoints running Acronis True Image
  • Monitor for anomalous process executions with elevated privileges originating from Acronis True Image components
  • Review environment variable configurations in Acronis deployment scripts and launch daemons

Evidence notes

CVE published 2026-04-10; NVD record modified 2026-05-19. Vendor advisory SEC-9407 confirms affected product builds. CVSS 3.0 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H indicates local attack vector with low attack complexity and low privileges required, no user interaction needed.

Official resources

2026-04-10