PatchSiren cyber security CVE debrief

CVE-2026-41220 Acronis CVE debrief

CVE-2026-41220 is a local privilege escalation vulnerability in Acronis DeviceLock DLP (Windows) and Acronis Cyber Protect Cloud Agent (Windows), caused by improper input validation and classified as CWE-787 (Out-of-bounds Write). It allows an attacker with local access and low privileges to escalate to higher privileges without user interaction, with high impact on confidentiality, integrity, and availability. Affected versions are Acronis DeviceLock DLP before build 9.0.93212 and Acronis Cyber Protect Cloud Agent before build 42183. The CVE was published on April 29, 2026, and last modified on May 19, 2026. Organizations should update to the patched builds to remediate this vulnerability.

Vendor: Acronis
Product: Acronis DeviceLock DLP
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-29
Original CVE updated: 2026-05-19
Advisory published: 2026-04-29
Advisory updated: 2026-05-19

Who should care

Organizations using Acronis DeviceLock DLP or Acronis Cyber Protect Cloud Agent on Windows endpoints, particularly those with multi-user environments where low-privilege local access is possible. Security teams responsible for endpoint protection, patch management, and privilege escalation defense should prioritize this vulnerability.

Technical summary

The vulnerability stems from improper input validation, classified as CWE-787, in Acronis DeviceLock DLP and Cyber Protect Cloud Agent on Windows. The CVSS 3.0 score of 7.8 reflects a local attack vector, low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. The vendor has released patched builds: 9.0.93212 for DeviceLock DLP and 42183 for Cyber Protect Cloud Agent.

Defensive priority

HIGH

Recommended defensive actions

  • Update Acronis DeviceLock DLP (Windows) to build 9.0.93212 or later
  • Update Acronis Cyber Protect Cloud Agent (Windows) to build 42183 or later
  • Review local user access controls to limit low-privilege account exposure
  • Monitor for anomalous privilege escalation attempts on endpoints running affected Acronis products
  • Verify patch deployment through asset inventory and vulnerability scanning
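
For the patch-verification step above, the following added example (not code from Acronis or from this debrief) classifies rows of an asset-inventory export against the fixed builds named on this page. The CSV column names, host names and sample version strings are constructed, and it assumes that the last dotted component of a Cyber Protect Cloud Agent version string is its build number.

```python
import csv
import io
import re

# Fixed builds as stated in this debrief for CVE-2026-41220.
FIXED = {
    "acronis devicelock dlp": (9, 0, 93212),
    "acronis cyber protect cloud agent": (42183,),
}

# Constructed sample inventory export; column names are assumptions.
SAMPLE_CSV = """host,os,product,version
ws-001,Windows,Acronis DeviceLock DLP,9.0.93212
ws-002,Windows,Acronis DeviceLock DLP,9.0.92100
ws-003,Windows,Acronis Cyber Protect Cloud Agent,24.10.41990
ws-004,Windows,Acronis Cyber Protect Cloud Agent,42183
ws-005,Windows,Acronis Cyber Protect Cloud Agent,unknown
mac-01,macOS,Acronis Cyber Protect Cloud Agent,41000
"""


def parse_version(text):
    """Return a tuple of ints, or None unless the string is dotted digits."""
    if not re.fullmatch(r"\d+(\.\d+)*", text.strip()):
        return None
    return tuple(int(part) for part in text.strip().split("."))


def classify(product, os_name, version):
    """Return 'patched', 'vulnerable', 'unknown' or 'out-of-scope' for one row."""
    fixed = FIXED.get(product.strip().lower())
    if fixed is None or os_name.strip().lower() != "windows":
        return "out-of-scope"  # the CVE covers only the Windows products above
    seen = parse_version(version)
    if seen is None:
        return "unknown"  # never count an unreadable version as patched
    if len(fixed) == 1:
        seen = seen[-1:]  # assumption: last component is the build number
    return "patched" if seen >= fixed else "vulnerable"


def audit(csv_text):
    """Map host -> status for every row of the inventory export."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["product"], r["os"], r["version"]) for r in rows}


if __name__ == "__main__":
    print(audit(SAMPLE_CSV))
```

Hosts reported as "unknown" need a manual check, since an unreadable version string is not evidence that the fixed build is installed.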

Evidence notes

CVSS 3.0 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. CWE-787 (Out-of-bounds Write) identified as primary weakness. Vendor advisory SEC-10296 published by Acronis.
