CVE-2026-42061
Received
Received - Intake
Local Privilege Escalation in Acronis DeviceLock DLP
Publication date: 2026-06-03
Last updated on: 2026-06-03
Assigner: Acronis International GmbH
Description
Description
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| acronis | devicelock_dlp | to 9.0.15051.93227 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a local privilege escalation issue caused by excessive permissions assigned to child processes in Acronis DeviceLock DLP (Windows) versions before build 9.0.15051.93227.
How can this vulnerability impact me? :
An attacker with limited privileges could exploit this vulnerability to gain higher privileges on the affected system, potentially leading to full control over the system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70