anonhaven
Ad

CVE-2026-28713

HIGH CVSS 3.0: 7.1 EPSS 0.05%
Updated Mar 13, 2026
VMWARE
Parameter Value
CVSS 7.1 (HIGH)
Affected Versions before c23.12
Fixed In c23.12
Type CWE-1392
Vendor VMWARE
Public PoC No

Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VMware) before build 41186.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
High
Difficult to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
Low
Partial disruption

CVSS Vector v3.0

Weakness Type (CWE)

CWE-1392

Vulnerable Products 2

Configuration From (including) Up to (excluding)
Acronis Agent
cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*
 c23.12
Acronis Cyber_Protect
cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*
 17.0.41186

References 1

https://security-advisory.acronis.com/advisories/SEC-4168
security@acronis.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-22717

VMWARE

2.7

CVE-2026-22716

VMWARE

5.0

CVE-2026-22715

VMWARE

5.9

CVE-2026-22721

VMWARE

6.2

CVE-2026-22720

VMWARE

8.0