CVE-2026-28720 is a vulnerability identified in Acronis Cyber Protect 17, a widely used backup and cybersecurity solution for both Linux and Windows platforms. The issue stems from insufficient authorization checks (CWE-863), which allow an attacker with low-level privileges to modify security settings without proper permission validation. This flaw could enable an attacker to alter configurations that control backup operations, security policies, or protection mechanisms, potentially degrading the security posture of the affected system. The vulnerability is exploitable remotely over the network (AV:N) with low attack complexity (AC:L), requiring only privileges equivalent to a low-privileged user (PR:L) and no user interaction (UI:N). The scope of the vulnerability is unchanged (S:U), meaning the impact is limited to the vulnerable component. The CVSS v3.0 base score is 4.3, reflecting a medium severity primarily due to the impact on integrity (I:L) without affecting confidentiality or availability. No public exploits have been reported yet, and no patches were linked at the time of publication, indicating that organizations should monitor vendor updates closely. The vulnerability could be leveraged by insiders or attackers who have gained limited access to escalate their control over the system's security settings, potentially facilitating further attacks or disabling protective measures.

The primary impact of CVE-2026-28720 is on the integrity of the affected systems, as unauthorized modification of security settings can weaken defenses, disable backup operations, or alter protection policies. This can lead to increased risk of data loss, ransomware infection, or other malicious activities if attackers manipulate backup configurations or disable security features. Organizations relying on Acronis Cyber Protect 17 for critical data protection and cybersecurity may face operational disruptions or compromised recovery capabilities. Although confidentiality and availability are not directly impacted, the indirect effects of weakened security controls can be significant. The vulnerability's exploitation requires some level of access, so insider threats or attackers who have breached perimeter defenses pose the greatest risk. The absence of known exploits in the wild reduces immediate risk, but the potential for future exploitation remains, especially as threat actors often target backup and protection software to maximize impact.

Organizations should implement the following specific mitigations: 1) Restrict administrative and configuration access to Acronis Cyber Protect 17 to trusted personnel only, using strong authentication and role-based access controls. 2) Monitor and audit configuration changes within the Acronis management console to detect unauthorized modifications promptly. 3) Network segmentation should be employed to limit access to the management interfaces of Acronis Cyber Protect 17, reducing exposure to potential attackers. 4) Apply vendor patches and updates as soon as they become available to address this vulnerability directly. 5) Employ multi-factor authentication (MFA) for all accounts with configuration privileges to reduce the risk of credential compromise. 6) Conduct regular security assessments and penetration tests focusing on backup and protection software to identify and remediate similar authorization weaknesses. 7) Educate administrators about the risks of unauthorized configuration changes and enforce strict operational procedures for managing security settings.