CVE-2026-28725

Low

Low Medium High Critical

CVSS Score

Published: Mar 06, 2026

Last Modified: Mar 13, 2026

Vulnerability Description

Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Known Affected Software

2 configuration(s) from 1 vendor(s)

cyber_protect

Version:

CPE:

cpe:2.3:a:acronis:cyber_protect:16:update3:*:*:*:*:*:*

cyber_protect

Version:

CPE:

cpe:2.3:a:acronis:cyber_protect:15:update6:*:*:*:*:*:*

This vulnerability affects 2 software configuration(s). Ensure you patch all affected systems.

References & Resources

https://security-advisory.acronis.com/advisories/SEC-8695
security@acronis.com Vendor Advisory

Severity Details

out of 10.0

Low

Weakness Type (CWE)

CWE-732

Incorrect Permission Assignment for Critical Resource

Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Class