Cyber Posture

CVE-2026-28710

Critical

Published: 06 March 2026

Published
06 March 2026
Modified
12 March 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0013 32.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-28710 is a critical-severity Weak Authentication (CWE-1390) vulnerability in Acronis Cyber Protect. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 32.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match
prevent

Directly counters improper authentication by limiting and documenting actions permitted without identification or authentication, preventing unauthenticated disclosure and manipulation of sensitive information.

AC-3 Access Enforcement good match
prevent

Enforces approved access control policies to block unauthenticated remote access, comprehensively mitigating the vulnerability's high-impact confidentiality, integrity, and availability effects.

IA-8 Identification and Authentication (Non-organizational Users) good match
prevent

Requires robust identification and authentication for non-organizational users, such as remote attackers, to prevent exploitation of the improper authentication flaw.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Unauthenticated remote exploitation of a network-accessible service in Acronis Cyber Protect directly enables T1190: Exploit Public-Facing Application for initial access, sensitive information disclosure, and manipulation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Deeper analysisAI

CVE-2026-28710, published on 2026-03-06, is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) that enables sensitive information disclosure and manipulation due to improper authentication. It affects Acronis Cyber Protect 17 on Linux and Windows platforms prior to build 41186, mapped to CWE-1390.

Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation allows high-impact compromise of confidentiality, integrity, and availability, including disclosure and manipulation of sensitive information.

The Acronis security advisory SEC-9137 provides details on mitigation and patches, available at https://security-advisory.acronis.com/advisories/SEC-9137.

Details

CWE(s)
CWE-1390

Affected Products

acronis
cyber protect
≤ 17.0.41186

CVEs Like This One

CVE-2026-28718Same product: Acronis Cyber Protect
CVE-2025-69273Same product: Linux Linux Kernel
CVE-2024-41763Same product: Linux Linux Kernel
CVE-2024-51954Same product: Linux Linux Kernel
CVE-2024-41767Same product: Linux Linux Kernel
CVE-2025-23319Same product: Linux Linux Kernel
CVE-2025-23311Same product: Linux Linux Kernel
CVE-2025-23310Same product: Linux Linux Kernel
CVE-2025-23318Same product: Linux Linux Kernel
CVE-2025-23317Same product: Linux Linux Kernel

References