CVE-2026-41952
Local Privilege Escalation in Acronis DeviceLock DLP and Cyber Protect Cloud Agent
Publication date: 2026-04-29
Last updated on: 2026-04-29
Assigner: Acronis International GmbH
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| acronis | devicelock_dlp | up to 9.0.93212 (exclusive) |
| acronis | cyber_protect_cloud_agent | up to 42183 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-123 | Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a local privilege escalation issue caused by improper input validation in certain Acronis products. Specifically, it affects Acronis DeviceLock DLP (Windows) versions before build 9.0.93212 and Acronis Cyber Protect Cloud Agent (Windows) versions before build 42183.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability is a local privilege escalation due to improper input validation, which can lead to unauthorized access or control over affected systems.
Such unauthorized access or control could potentially result in violations of data protection and privacy regulations like GDPR and HIPAA, as it may allow attackers to access, modify, or disrupt sensitive data.
Therefore, organizations using the affected products should consider this vulnerability as a risk to their compliance posture and take appropriate mitigation steps.
How can this vulnerability impact me?
Exploitation of this vulnerability can allow an attacker with limited privileges on the affected system to escalate their privileges to a higher level. This can lead to full control over the system, including the ability to read, modify, or delete sensitive data, and potentially disrupt system operations.
How can this vulnerability impact me?
Exploitation of this vulnerability can allow an attacker with limited privileges on the affected system to escalate their privileges to a higher level. This can lead to full control over the system, potentially compromising confidentiality, integrity, and availability of data and system resources.