Every CVE whose affected-product data names Acronis Cyber Protect, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (86)
CVE-2025-30412 — CVSS 10.0 (critical): Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16…
CVE-2025-30416 — CVSS 10.0 (critical): Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16…
CVE-2025-30411 — CVSS 10.0 (critical): Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16…
CVE-2026-28710 — CVSS 9.8 (critical): Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber…
CVE-2024-49388 — CVSS 9.1 (critical): Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux…
CVE-2023-44206 — CVSS 9.1 (critical): Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect…
CVE-2023-44152 — CVSS 9.1 (critical): Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber…
CVE-2022-3405 — CVSS 8.8 (high): Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are…
CVE-2023-44154 — CVSS 8.1 (high): Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect…
CVE-2026-28727 — CVSS 7.8 (high): Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS)…
CVE-2021-38086 — CVSS 7.8 (high): Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege…
CVE-2021-38088 — CVSS 7.8 (high): Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking.
CVE-2020-10138 — CVSS 7.8 (high): Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within…
CVE-2021-44198 — CVSS 7.8 (high): DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before…
CVE-2022-45452 — CVSS 7.8 (high): Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build…
CVE-2022-45451 — CVSS 7.8 (high): Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber…
CVE-2022-45455 — CVSS 7.8 (high): Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office…
CVE-2024-55543 — CVSS 7.8 (high): Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows)…
CVE-2024-55540 — CVSS 7.8 (high): Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows)…
CVE-2021-44204 — CVSS 7.8 (high): Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect…
CVE-2023-41743 — CVSS 7.8 (high): Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber…
CVE-2023-41744 — CVSS 7.8 (high): Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS)…
CVE-2023-44157 — CVSS 7.8 (high): Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows)…
CVE-2022-24113 — CVSS 7.8 (high): Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber…
CVE-2023-44159 — CVSS 7.5 (high): Sensitive information disclosure due to cleartext storage of sensitive information. The following products are affected: Acronis Cyber…
CVE-2020-35556 — CVSS 7.5 (high): An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS…
CVE-2022-30990 — CVSS 7.5 (high): Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux)…
CVE-2022-30993 — CVSS 7.5 (high): Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before…
CVE-2022-30994 — CVSS 7.5 (high): Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240
CVE-2022-30995 — CVSS 7.5 (high): Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows…
CVE-2022-45450 — CVSS 7.5 (high): Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux…
CVE-2022-45453 — CVSS 7.5 (high): TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.
CVE-2022-45454 — CVSS 7.5 (high): Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before…
CVE-2022-45457 — CVSS 7.5 (high): Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis…
CVE-2022-45458 — CVSS 7.5 (high): Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis…
CVE-2022-45459 — CVSS 7.5 (high): Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before…
CVE-2023-41742 — CVSS 7.5 (high): Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS…
CVE-2023-41749 — CVSS 7.5 (high): Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent…
CVE-2023-44153 — CVSS 7.5 (high): Sensitive information disclosure due to cleartext storage of sensitive information in memory. The following products are affected: Acronis…
CVE-2023-44155 — CVSS 7.5 (high): Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build…
CVE-2023-44156 — CVSS 7.5 (high): Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows)…
CVE-2023-44158 — CVSS 7.5 (high): Sensitive information disclosure due to insufficient token field masking. The following products are affected: Acronis Cyber Protect 15…
CVE-2024-49387 — CVSS 7.5 (high): Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16…
CVE-2026-28718 — CVSS 7.5 (high): Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber…
CVE-2026-28721 — CVSS 7.3 (high): Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows)…
CVE-2026-28722 — CVSS 7.3 (high): Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows)…
CVE-2026-28713 — CVSS 7.1 (high): Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud…
CVE-2025-11791 — CVSS 7.1 (high): Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis…
CVE-2023-44161 — CVSS 6.5 (medium): Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux…
CVE-2023-44160 — CVSS 6.5 (medium): Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux…
CVE-2026-28715 — CVSS 6.5 (medium): Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17…
CVE-2022-45449 — CVSS 6.5 (medium): Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber…
CVE-2026-28712 — CVSS 6.3 (medium): Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows)…
CVE-2026-28711 — CVSS 6.3 (medium): Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows)…
CVE-2024-55541 — CVSS 6.1 (medium): Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected…
CVE-2022-30992 — CVSS 6.1 (medium): Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before…
CVE-2023-48681 — CVSS 6.1 (medium): Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16…
CVE-2022-30991 — CVSS 6.1 (medium): HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
CVE-2021-44201 — CVSS 6.1 (medium): Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows…
CVE-2021-38087 — CVSS 6.1 (medium): Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009.
CVE-2020-35664 — CVSS 6.1 (medium): An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. There is cross-site scripting (XSS) in the console.
CVE-2021-44199 — CVSS 5.5 (medium): DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035…
CVE-2026-28725 — CVSS 5.5 (medium): Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber…
CVE-2023-41745 — CVSS 5.5 (medium): Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent…
CVE-2023-48678 — CVSS 5.5 (medium): Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux…
CVE-2023-48680 — CVSS 5.5 (medium): Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber…
CVE-2021-44202 — CVSS 5.4 (medium): Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows…
CVE-2021-44200 — CVSS 5.4 (medium): Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows…
CVE-2023-48682 — CVSS 5.4 (medium): Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux…
CVE-2023-48679 — CVSS 5.4 (medium): Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected…
CVE-2023-44207 — CVSS 5.4 (medium): Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15…
CVE-2021-44203 — CVSS 5.4 (medium): Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15…
CVE-2023-44205 — CVSS 5.3 (medium): Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux…
CVE-2026-28717 — CVSS 5.0 (medium): Local privilege escalation due to improper directory permissions. The following products are affected: Acronis Cyber Protect 17 (Windows)…
CVE-2026-28714 — CVSS 4.8 (medium): Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 (Linux…
CVE-2025-30413 — CVSS 4.4 (medium): Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud…
CVE-2026-28716 — CVSS 4.4 (medium): Information disclosure and manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17…
CVE-2026-28719 — CVSS 4.3 (medium): Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17…
CVE-2026-28720 — CVSS 4.3 (medium): Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect…
CVE-2024-49383 — CVSS 4.3 (medium): Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected…
CVE-2024-49384 — CVSS 4.3 (medium): Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected…
CVE-2026-28723 — CVSS 4.3 (medium): Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux…
CVE-2026-28709 — CVSS 4.3 (medium): Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17…
CVE-2024-49382 — CVSS 4.3 (medium): Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected…
CVE-2026-28726 — CVSS 4.3 (medium): Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux…
CVE-2026-28724 — CVSS 4.3 (medium): Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17…