CVE-2026-28718
Published: 06 March 2026
Summary
CVE-2026-28718 is a high-severity Logging of Excessive Data (CWE-779) vulnerability in Acronis Cyber Protect. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 27.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Audit record reduction explicitly manages excessive log volumes for review and reporting while preserving original content and ordering, reducing the impact of logging excessive data.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
A remote, unauthenticated denial of service triggered by malformed input to the exposed authentication logging service corresponds directly to T1190 (Exploit Public-Facing Application) and T1499.004 (application exploitation causing resource exhaustion).
NVD Description
Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
Deeper analysis (AI)
CVE-2026-28718 is a denial-of-service vulnerability caused by insufficient input validation in the authentication logging component of Acronis Cyber Protect 17. This issue affects the product on both Linux and Windows platforms in versions prior to build 41186. Published on 2026-03-06, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is linked to CWE-779 (Logging of Excessive Data).
The vulnerability can be exploited over the network by unauthenticated attackers, with low attack complexity and no requirement for user interaction. Successful exploitation lets the attacker trigger a denial of service: malformed input to the authentication logging mechanism causes high resource consumption, severely impacting availability while leaving confidentiality and integrity unaffected.
The Acronis security advisory SEC-8377, available at https://security-advisory.acronis.com/advisories/SEC-8377, provides details on mitigation. Affected systems should be updated to Acronis Cyber Protect 17 build 41186 or later to address the input validation flaw.