Description
Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 41800.
References (1)
Core 1
Core References
Various Sources vendor-advisory
https://security-advisory.acronis.com/advisories/SEC-8641
Scores
CVSS v3
9.8
EPSS
0.0005
EPSS Percentile
14.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (3)
Acronis/Acronis Cyber Protect 15
unspecified - 41800
Acronis/Acronis Cyber Protect 16
unspecified - 39938
Acronis/Acronis Cyber Protect Cloud Agent
unspecified - 39870
Published
Feb 20, 2026
Tracked Since
Feb 20, 2026