CVE-2026-28718
Published: 06 March 2026
Summary
CVE-2026-28718 is a high-severity Logging of Excessive Data (CWE-779) vulnerability in Acronis Cyber Protect. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-28718 is a denial-of-service vulnerability caused by insufficient input validation in the authentication logging component of Acronis Cyber Protect 17. This issue affects the product on both Linux and Windows platforms in versions prior to build 41186. Published on 2026-03-06, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is linked to CWE-779 (Logging of Excessive Data).
The vulnerability can be exploited by unauthenticated attackers accessible over the network, with low attack complexity and no requirement for user interaction. Successful exploitation allows the attacker to trigger a denial of service by causing high resource consumption through malformed input to the authentication logging mechanism, severely impacting availability while leaving confidentiality and integrity unaffected.
The Acronis security advisory SEC-8377, available at https://security-advisory.acronis.com/advisories/SEC-8377, provides details on mitigation. Affected systems should be updated to Acronis Cyber Protect 17 build 41186 or later to address the input validation flaw.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-9953
Vulnerability details
Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated DoS via malformed input to exposed auth logging service directly enables T1190 (exploit public-facing app) and T1499.004 (app exploitation causing resource exhaustion).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses the insufficient input validation in authentication logging by requiring validation of inputs to prevent denial-of-service from malformed data causing excessive resource consumption.
Mitigates the vulnerability through timely flaw remediation by updating to Acronis Cyber Protect 17 build 41186 or later, correcting the input validation defect.
Protects against the denial-of-service impact by implementing mechanisms to limit effects of resource exhaustion attacks targeting authentication logging.