CVE-2026-33271
Received
Received - Intake
Local Privilege Escalation in Acronis True Image via Insecure Permissions
Publication date: 2026-04-02
Last updated on: 2026-04-20
Assigner: Acronis International GmbH
Description
Description
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| acronis | true_image | to 2026 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a local privilege escalation issue caused by insecure folder permissions in Acronis True Image (Windows) versions before build 42902.
How can this vulnerability impact me? :
An attacker with limited privileges on the affected system could exploit this vulnerability to gain higher privileges, potentially allowing them to execute code with elevated rights, compromise system integrity, and access sensitive information.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70