Cyber Resilience

CVE-2026-28710

Critical

Published: 06 March 2026

Published
06 March 2026
Modified
12 March 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0041 33.0th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-28710 is a critical-severity Weak Authentication (CWE-1390) vulnerability in Acronis Cyber Protect. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-28710, published on 2026-03-06, is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) that enables sensitive information disclosure and manipulation due to improper authentication. It affects Acronis Cyber Protect 17 on Linux and Windows platforms prior to build 41186, mapped to CWE-1390.

Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation allows high-impact compromise of confidentiality, integrity, and availability, including disclosure and manipulation of sensitive information.

The Acronis security advisory SEC-9137 provides details on mitigation and patches, available at https://security-advisory.acronis.com/advisories/SEC-9137.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated remote exploitation of a network-accessible service in Acronis Cyber Protect directly enables T1190: Exploit Public-Facing Application for initial access, sensitive information disclosure, and manipulation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-28718Same product: Acronis Cyber Protect
CVE-2025-23317Same product: Linux Linux Kernel
CVE-2025-23310Same product: Linux Linux Kernel
CVE-2024-41763Same product: Linux Linux Kernel
CVE-2024-41767Same product: Linux Linux Kernel
CVE-2025-23311Same product: Linux Linux Kernel
CVE-2025-23318Same product: Linux Linux Kernel
CVE-2024-51954Same product: Linux Linux Kernel
CVE-2025-69273Same product: Linux Linux Kernel
CVE-2025-23319Same product: Linux Linux Kernel

Affected Assets

acronis
cyber protect
≤ 17.0.41186

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly counters improper authentication by limiting and documenting actions permitted without identification or authentication, preventing unauthenticated disclosure and manipulation of sensitive information.

prevent

Enforces approved access control policies to block unauthenticated remote access, comprehensively mitigating the vulnerability's high-impact confidentiality, integrity, and availability effects.

prevent

Requires robust identification and authentication for non-organizational users, such as remote attackers, to prevent exploitation of the improper authentication flaw.

References