Cyber Resilience

CVE-2026-28718

High

Published: 06 March 2026

Published
06 March 2026
Modified
12 March 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0014 33.4th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-28718 is a high-severity Logging of Excessive Data (CWE-779) vulnerability in Acronis Cyber Protect. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-28718 is a denial-of-service vulnerability caused by insufficient input validation in the authentication logging component of Acronis Cyber Protect 17. This issue affects the product on both Linux and Windows platforms in versions prior to build 41186. Published on 2026-03-06, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is linked to CWE-779 (Logging of Excessive Data).

The vulnerability can be exploited by unauthenticated attackers accessible over the network, with low attack complexity and no requirement for user interaction. Successful exploitation allows the attacker to trigger a denial of service by causing high resource consumption through malformed input to the authentication logging mechanism, severely impacting availability while leaving confidentiality and integrity unaffected.

The Acronis security advisory SEC-8377, available at https://security-advisory.acronis.com/advisories/SEC-8377, provides details on mitigation. Affected systems should be updated to Acronis Cyber Protect 17 build 41186 or later to address the input validation flaw.

EU & UK References

Vulnerability details

Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote unauthenticated DoS via malformed input to exposed auth logging service directly enables T1190 (exploit public-facing app) and T1499.004 (app exploitation causing resource exhaustion).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-28710Same product: Acronis Cyber Protect
CVE-2024-55543Same product: Acronis Cyber Protect
CVE-2024-55540Same product: Acronis Cyber Protect
CVE-2025-11791Same product: Acronis Cyber Protect
CVE-2024-41763Same product: Linux Linux Kernel
CVE-2025-23310Same product: Linux Linux Kernel
CVE-2025-23311Same product: Linux Linux Kernel
CVE-2025-23319Same product: Linux Linux Kernel
CVE-2025-23318Same product: Linux Linux Kernel
CVE-2024-41767Same product: Linux Linux Kernel

Affected Assets

acronis
cyber protect
≤ 17.0.41186

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the insufficient input validation in authentication logging by requiring validation of inputs to prevent denial-of-service from malformed data causing excessive resource consumption.

prevent

Mitigates the vulnerability through timely flaw remediation by updating to Acronis Cyber Protect 17 build 41186 or later, correcting the input validation defect.

prevent

Protects against the denial-of-service impact by implementing mechanisms to limit effects of resource exhaustion attacks targeting authentication logging.

References