These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A local privilege escalation vulnerability exists in Acronis DeviceLock DLP (Windows) before build 9.0.93212 and Acronis Cyber Protect Cloud Agent (Windows) before build 42183 due to improper input validation (CWE-123). The vulnerability carries a CVSS 3.0 score of 7.8 (HIGH severity) with an attack vector of local access, low attack complexity, and low privileges required. Successful exploitation could r [truncated]
CVE-2026-41220 is a local privilege escalation vulnerability in Acronis DeviceLock DLP (Windows) and Acronis Cyber Protect Cloud Agent (Windows) caused by improper input validation (CWE-787). The vulnerability allows an attacker with local access and low privileges to escalate to higher privileges without user interaction, resulting in high impact to confidentiality, integrity, and availability. Affected [truncated]
A local privilege escalation vulnerability exists in Acronis DeviceLock DLP for Windows due to DLL hijacking (CWE-427). The vulnerability affects versions prior to build 9.0.93212. An attacker with local access and low privileges could exploit this issue by placing a malicious DLL in a location that the affected application loads from, resulting in execution with elevated privileges. The CVSS 3.0 vector i [truncated]
A local privilege escalation vulnerability exists in Acronis True Image for macOS due to improper handling of environment variables. The flaw allows an attacker with local access and low privileges to escalate to higher privileges without user interaction, potentially achieving full confidentiality, integrity, and availability impact on affected systems. The vulnerability stems from CWE-15: External Contr [truncated]
CVE-2023-45249 concerns an insecure default password vulnerability in Acronis Cyber Infrastructure (ACI). CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on 2024-07-29, which indicates it is considered actively exploited or otherwise confirmed to be of urgent defensive concern. The supplied guidance is to apply mitigations per vendor instructions, or discontinue use of the product if mi [truncated]