CVE-2026-28723 is an access control vulnerability classified under CWE-863 affecting Acronis Cyber Protect 17 on both Linux and Windows platforms prior to build 41186. The vulnerability allows an attacker with limited privileges to delete reports without proper authorization, due to insufficient enforcement of access control policies. The vulnerability does not require user interaction and can be exploited remotely over the network. The CVSS v3.0 score is 4.3, indicating a medium severity level, with the vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. This means the attacker needs some privileges on the system but no user interaction, and the impact is limited to integrity loss (unauthorized report deletion) without affecting confidentiality or availability. Reports managed by Acronis Cyber Protect 17 are critical for auditing, compliance, and incident response, so their unauthorized deletion can hinder forensic investigations and operational transparency. No known exploits have been reported in the wild, and no official patches have been linked yet, although the vendor has reserved the CVE and published the advisory. The vulnerability affects all unspecified versions before build 41186, so organizations must verify their software versions and prepare for patch deployment. The root cause is a failure in implementing proper access control checks before allowing report deletion operations.

The primary impact of CVE-2026-28723 is the unauthorized deletion of security and backup reports, which compromises the integrity of critical audit and operational data. This can lead to loss of forensic evidence, hinder incident response efforts, and reduce organizational visibility into security events and backup statuses. Although confidentiality and availability are not directly affected, the inability to trust report data can indirectly impair security posture and compliance adherence. Organizations relying heavily on Acronis Cyber Protect 17 for cybersecurity management and backup verification may face operational disruptions and increased risk of undetected malicious activities. Attackers with limited privileges could exploit this vulnerability to cover their tracks by deleting reports, complicating investigations. The scope includes all deployments of Acronis Cyber Protect 17 before build 41186 on Linux and Windows, which are widely used in enterprise environments globally. The absence of known exploits in the wild reduces immediate risk but does not eliminate the need for prompt mitigation.

1. Verify the current build version of Acronis Cyber Protect 17 in your environment and identify any installations prior to build 41186. 2. Restrict user privileges strictly to the minimum necessary, especially limiting report deletion permissions to trusted administrators only. 3. Implement monitoring and alerting for report deletion activities to detect unauthorized attempts promptly. 4. Maintain comprehensive logging of all report management actions and regularly audit these logs for anomalies. 5. Prepare for rapid deployment of vendor patches once they become available; monitor Acronis advisories closely. 6. Consider isolating Acronis management consoles and restricting network access to trusted hosts to reduce remote exploitation risk. 7. Educate administrators about the vulnerability and enforce strict operational procedures around report handling. 8. If possible, implement additional access control mechanisms or compensating controls at the network or application layer to prevent unauthorized deletions until patches are applied.