CVE-2026-28723: CWE-863 in Acronis Cyber Protect 17
CVE-2026-28723 is a medium severity vulnerability in Acronis Cyber Protect 17 (Linux and Windows) before build 41186 that allows unauthorized deletion of reports due to insufficient access control (CWE-863). The flaw requires low privileges (PR:L) but no user interaction and can be exploited remotely (AV:N). While it does not impact confidentiality or availability, it compromises integrity by allowing unauthorized modification of report data. No known exploits are currently in the wild. Organizations relying on Acronis Cyber Protect 17 for backup and cybersecurity management should prioritize applying patches once available and implement strict access controls to mitigate risk. Countries with significant deployments of Acronis products, especially those with critical infrastructure and enterprise environments, are most at risk. This vulnerability highlights the importance of robust authorization checks in security management software to prevent unauthorized actions that could hinder incident response and auditing capabilities.
AI Analysis
Technical Summary
CVE-2026-28723 is an access control vulnerability (CWE-863) affecting Acronis Cyber Protect 17 on both Linux and Windows platforms prior to build 41186. The vulnerability allows an attacker with limited privileges to delete reports without proper authorization, due to insufficient access control mechanisms in the product. Specifically, the flaw enables unauthorized report deletion, which compromises the integrity of the system's audit and reporting functions. The CVSS v3.0 score is 4.3 (medium), reflecting that the attack vector is network-based (AV:N), requires low privileges (PR:L), and no user interaction (UI:N). The scope is unchanged (S:U), and the impact affects only integrity (I:L), with no confidentiality or availability impact. No public exploits have been reported yet, but the vulnerability could be leveraged by insiders or attackers who have gained limited access to the system to cover tracks or disrupt forensic investigations. Acronis Cyber Protect 17 is widely used in enterprise environments for backup, disaster recovery, and cybersecurity management, making the integrity of its reporting functions critical for operational security and compliance. The vulnerability underscores the need for strict authorization checks on sensitive operations within security management tools.
Potential Impact
The primary impact of CVE-2026-28723 is the unauthorized deletion of reports, which undermines the integrity of audit logs and security reports generated by Acronis Cyber Protect 17. This can hinder incident response, forensic investigations, and compliance auditing by removing evidence of malicious activity or system events. Although confidentiality and availability are not directly affected, the loss of reliable reporting can lead to delayed detection of breaches and reduced trust in security monitoring. Organizations relying on Acronis Cyber Protect for backup and cybersecurity management may face increased risk of undetected intrusions or insider threats if attackers exploit this vulnerability to erase traces of their actions. The vulnerability is exploitable remotely with low privileges, increasing the attack surface. While no known exploits exist currently, the potential for misuse in targeted attacks or insider scenarios is significant, especially in environments with lax access controls or shared credentials.
Mitigation Recommendations
To mitigate CVE-2026-28723, organizations should:
1) Apply the official patch or update from Acronis as soon as it becomes available to ensure proper access control enforcement.
2) Restrict user privileges strictly following the principle of least privilege, ensuring that only authorized personnel have permissions to delete reports or perform sensitive operations.
3) Implement strong authentication and session management to prevent unauthorized access by low-privileged users.
4) Monitor and audit user activities related to report management to detect suspicious deletion attempts promptly.
5) Use network segmentation and firewall rules to limit access to the Acronis Cyber Protect management interfaces to trusted administrative networks.
6) Regularly back up audit logs and reports to secure, tamper-evident storage to preserve forensic evidence even if local reports are deleted.
7) Educate administrators about the risks of privilege escalation and the importance of safeguarding credentials.
These measures collectively reduce the risk of exploitation and improve detection and response capabilities.
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Japan, Netherlands, Sweden, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: Acronis
- Date Reserved: 2026-03-03T02:29:03.754Z
- Cvss Version: 3.0
- State: PUBLISHED
Threat ID: 69aa1965c48b3f10ff8d2b84
Added to database: 3/6/2026, 12:01:41 AM
Last enriched: 3/6/2026, 12:18:17 AM
Last updated: 3/6/2026, 1:11:05 AM