PatchSiren cyber security CVE debrief

CVE-2026-41952 Acronis CVE debrief

A local privilege escalation vulnerability exists in Acronis DeviceLock DLP (Windows) before build 9.0.93212 and Acronis Cyber Protect Cloud Agent (Windows) before build 42183 due to improper input validation (CWE-123). The vulnerability carries a CVSS 3.0 score of 7.8 (HIGH severity) with an attack vector of local access, low attack complexity, and low privileges required. Successful exploitation could result in high impact to confidentiality, integrity, and availability. The CVE was published on April 29, 2026 and last modified on May 19, 2026. No known exploitation in the wild or ransomware campaign use has been documented, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

Vendor: Acronis
Product: Acronis DeviceLock DLP
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-29
Original CVE updated: 2026-05-19
Advisory published: 2026-04-29
Advisory updated: 2026-05-19

Who should care

Organizations using Acronis DeviceLock DLP or Acronis Cyber Protect Cloud Agent on Windows endpoints, particularly those with multi-user systems or environments where standard users may have local access. Security teams responsible for endpoint protection, DLP, and backup infrastructure should prioritize patching.

Technical summary

The vulnerability stems from improper input validation (CWE-123) in the Acronis Windows agents, allowing a locally authenticated attacker with low privileges to escalate to a higher privilege level. The attack requires local access and low complexity but no user interaction. The CVSS 3.0 base score of 7.8 reflects high impact on confidentiality, integrity, and availability. Patched builds are available for both affected product lines.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade Acronis DeviceLock DLP (Windows) to build 9.0.93212 or later
  • Upgrade Acronis Cyber Protect Cloud Agent (Windows) to build 42183 or later
  • Verify agent versions across all managed Windows endpoints
  • Review endpoint privilege management policies to restrict unnecessary local administrative access
  • Monitor for anomalous privilege escalation attempts on systems running affected Acronis products
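The following PowerShell script is an added example, not PatchSiren's or Acronis's own tooling, for the "verify agent versions" step above. It inventories Acronis installs on a Windows host via the standard Uninstall registry keys and compares them with the fixed builds named in this debrief (DeviceLock DLP 9.0.93212, Cyber Protect Cloud Agent 42183). Everything product-specific is an assumption: that the products register under the Uninstall keys, that their DisplayName contains the substrings matched below, and that the Cloud Agent build number is the last numeric field of DisplayVersion. Confirm those against a known-good endpoint before trusting the output.

```powershell
# Added example (not vendor code): report whether installed Acronis agents meet the
# fixed builds from the CVE-2026-41952 debrief. Assumed registry layout, see lead-in.

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Fixed builds taken from the debrief; DisplayName patterns are assumptions.
$Targets = @(
    @{ Name = 'Acronis DeviceLock DLP';           Pattern = 'DeviceLock';            Mode = 'Version'; MinVersion = [version]'9.0.93212' },
    @{ Name = 'Acronis Cyber Protect Cloud Agent'; Pattern = 'Acronis Cyber Protect'; Mode = 'Build';   MinBuild   = 42183 }
)

function Get-LastBuildNumber {
    # Assumed layout: the build is the final numeric field, e.g. '24.5.42183' -> 42183
    param([string]$DisplayVersion)
    $fields = ($DisplayVersion -split '[.\-]') | Where-Object { $_ -match '^\d+$' }
    if (-not $fields) { return $null }
    return [int]$fields[-1]
}

function Get-AcronisPatchStatus {
    [CmdletBinding()]
    param()

    $installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayName -like '*Acronis*' }

    foreach ($target in $Targets) {
        $found = @($installed | Where-Object { $_.DisplayName -like "*$($target.Pattern)*" })

        if ($found.Count -eq 0) {
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME; Product = $target.Name
                InstalledVersion = $null;     Status  = 'NotInstalled'
            }
            continue
        }

        foreach ($entry in $found) {
            $status = 'Unknown'   # unparseable version string: flag for manual review
            try {
                switch ($target.Mode) {
                    'Version' {
                        $status = if ([version]$entry.DisplayVersion -ge $target.MinVersion) { 'Patched' } else { 'Vulnerable' }
                    }
                    'Build' {
                        $build = Get-LastBuildNumber $entry.DisplayVersion
                        if ($null -ne $build) {
                            $status = if ($build -ge $target.MinBuild) { 'Patched' } else { 'Vulnerable' }
                        }
                    }
                }
            } catch {
                $status = 'Unknown'
            }

            [pscustomobject]@{
                Computer         = $env:COMPUTERNAME
                Product          = $target.Name
                InstalledVersion = $entry.DisplayVersion
                Status           = $status
            }
        }
    }
}

# Local run; only rows needing action are shown.
Get-AcronisPatchStatus | Where-Object { $_.Status -ne 'Patched' } | Format-Table -AutoSize
```

To cover a fleet rather than one host, save the script to a file and push it with `Invoke-Command -ComputerName <list> -FilePath .\Get-AcronisPatchStatus.ps1`, then collect the returned objects centrally. Rows reporting Unknown mean the version string did not match the assumed layout and should be checked by hand rather than treated as patched.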

Evidence notes

CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Weakness: CWE-123 (Improper Neutralization of Special Elements in Data Used by a Component). NVD vulnerability status: Deferred.

Official resources

Acronis disclosed this vulnerability via security advisory SEC-7790. Affected products include Acronis DeviceLock DLP for Windows and Acronis Cyber Protect Cloud Agent for Windows. The vendor has released patched builds: DeviceLock DLP 9.0.