wid-sec-w-2026-0620 · Published 2026-03-05 · View on BSI CERT-Bund ↗

Acronis Cyber Protect and Cyber Protect Cloud Agent: Multiple Vulnerabilities

CVSS 9.8 CRITICAL

Risk Summary

Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

CVEs (22)

CVE-2025-11790 CVE-2025-11791 CVE-2025-11792 CVE-2026-28709 CVE-2026-28710 CVE-2026-28711 CVE-2026-28712 CVE-2026-28713 CVE-2026-28714 CVE-2026-28715 CVE-2026-28716 CVE-2026-28717 CVE-2026-28718 CVE-2026-28719 CVE-2026-28720 CVE-2026-28721 CVE-2026-28722 CVE-2026-28723 CVE-2026-28724 CVE-2026-28725 CVE-2026-28726 CVE-2026-28727

Affected Vendors

Acronis

Affected Products (6)

Acronis · Cyber Protect 17 <build 41186

Acronis · Cyber Protect 17 build 41186

Acronis · Cyber Protect Cloud Agent <build 36943

Acronis · Cyber Protect Cloud Agent build 36943

Acronis · Cyber Protect Cloud Agent <build 41124

Acronis · Cyber Protect Cloud Agent build 41124

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more