
CVE-2026-28713: CWE-1392 in Acronis Acronis Cyber Protect Cloud Agent

Severity: High
Published: Thu Mar 05 2026 (03/05/2026, 23:51:30 UTC)
Source: CVE Database V5
Vendor/Project: Acronis
Product: Acronis Cyber Protect Cloud Agent

Description

Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VMware) before build 41186.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/13/2026, 19:50:01 UTC

Technical Analysis

CVE-2026-28713 is a vulnerability classified under CWE-1392, affecting Acronis Cyber Protect Cloud Agent (VMware) before build 36943 and Acronis Cyber Protect 17 (VMware) before build 41186. The core issue is that default credentials are configured for a local privileged user account within the virtual appliance. This misconfiguration allows an attacker to exploit the system remotely, provided some user interaction occurs, and gain unauthorized access with elevated privileges. The CVSS 3.0 score of 7.1 reflects high severity: the attack vector is network-based (AV:N), attack complexity is high (AC:H), no privileges are required (PR:N), and user interaction is necessary (UI:R). The scope is unchanged (S:U); the impact on confidentiality and integrity is high (C:H, I:H), while the availability impact is low (A:L). This vulnerability could lead to unauthorized disclosure and modification of sensitive data, potentially compromising the backup integrity and security posture of affected environments. No patches or exploits are currently publicly available, but the vulnerability is published and should be addressed promptly. The vulnerability is particularly concerning in virtualized environments where Acronis Cyber Protect is deployed for backup and recovery, as attackers gaining privileged access could disrupt backup processes or exfiltrate critical data.

Potential Impact

The vulnerability enables attackers to gain privileged access to the virtual appliance hosting Acronis Cyber Protect Cloud Agent, potentially compromising backup data confidentiality and integrity. This can lead to unauthorized data disclosure, tampering with backup configurations, or disabling backup and recovery functions, severely impacting organizational resilience. Given the critical role of backup solutions in disaster recovery and cyber defense, exploitation could facilitate ransomware attacks or data loss scenarios. The high confidentiality and integrity impact means sensitive data protected by Acronis solutions could be exposed or altered, undermining trust in backup integrity. Although availability impact is low, the disruption of backup services can indirectly affect availability of critical systems during recovery. Organizations worldwide relying on Acronis in VMware environments face risks of data breaches and operational disruptions if this vulnerability is exploited.

Mitigation Recommendations

Organizations should immediately verify their Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 17 VMware versions and upgrade to builds 36943 or later for the Cloud Agent and 41186 or later for Cyber Protect 17 once patches are released. Until patches are available, administrators should change default credentials for all local privileged accounts within the virtual appliance to strong, unique passwords. Restrict network access to the management interfaces of the virtual appliance using firewall rules and network segmentation to limit exposure. Implement multi-factor authentication where possible to reduce risk from credential compromise. Monitor logs for unusual access patterns or authentication attempts related to the virtual appliance. Conduct regular audits of user accounts and credentials in the environment. Additionally, consider isolating backup appliances from general network access and applying strict access controls to minimize attack surface. Stay informed through vendor advisories for official patches and updates.


Technical Details

Data Version: 5.2
Assigner Short Name: Acronis
Date Reserved: 2026-03-03T02:29:03.753Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 69aa1963c48b3f10ff8d2b40

Added to database: 3/6/2026, 12:01:39 AM

Last enriched: 3/13/2026, 7:50:01 PM

Last updated: 4/20/2026, 12:45:00 AM
