cbcvebase.

Acronis True Image vulnerabilities

25 known vulnerabilities affecting acronis/true_image.

Total CVEs
25
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH19MEDIUM6

Vulnerabilities

Page 2 of 2
CVE-2026-33271P4MEDIUMCVSS 6.7fixed in 20262026-04-02
CVE-2026-33271 [MEDIUM] CWE-732 CVE-2026-33271: Local privilege escalation due to insecure folder permissions. The following products are affected: Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902.
nvd
CVE-2022-24114P4HIGHCVSS 7.0v20212022-02-04
CVE-2022-24114 [HIGH] CWE-362 CVE-2022-24114: Local privilege escalation due to race condition on application startup. The following products are Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287
nvd
CVE-2020-25593P4MEDIUMCVSS 6.7≤ 20212021-07-15
CVE-2020-25593 [MEDIUM] CWE-276 CVE-2020-25593: Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions.
nvd
CVE-2008-1280P4MEDIUMCVSS 5.0≤ 9.5.0.80722008-03-10
CVE-2008-1280 [MEDIUM] CWE-20 CVE-2008-1280: Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Ser Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference.
nvd
CVE-2008-1279P4MEDIUMCVSS 5.0≤ 1.5.19.191≤ 9.5.0.80722008-03-10
CVE-2008-1279 [MEDIUM] CWE-20 CVE-2008-1279: Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Se Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read.
nvd
Acronis True Image vulnerabilities | cvebase