CVE-2025-30411
Acronis · Cyber Protect
Acronis Cyber Protect (Linux and Windows) is vulnerable to sensitive data disclosure and manipulation due to improper authentication in versions 15 and 16.
Executive summary
A critical authentication flaw in Acronis Cyber Protect allows unauthorized actors to access and manipulate sensitive backup data across both Windows and Linux environments.
Vulnerability
This vulnerability stems from improper authentication handling within the core Acronis management components. It allows an attacker to bypass standard security checks to disclose or modify sensitive data without providing valid credentials.
Business impact
The CVSS score of 10.0 indicates the maximum possible risk to the organization. Since Acronis Cyber Protect manages system backups and recovery, a successful exploit could allow an attacker to delete backups, perform unauthorized data exfiltration, or manipulate recovery points to facilitate ransomware attacks. This directly threatens business continuity and data sovereignty.
Remediation
Immediate Action: Update Acronis Cyber Protect 16 to build 39938 or later, and Acronis Cyber Protect 15 to build 41800 or later.
Proactive Monitoring: Audit Acronis management logs for any unauthorized access attempts or unusual data manipulation tasks that did not originate from authorized administrators.
Compensating Controls: Isolate the backup management server on a dedicated management VLAN and enforce strict Multi-Factor Authentication (MFA) at the network layer for all access.
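A way to apply the build thresholds from the Immediate Action item across a fleet, as an added example that is not Acronis tooling or part of the original advisory. It assumes you can export an inventory as CSV with `host`, `os`, `major` and `build` columns; those column names and the sample hosts are constructed for illustration.

```python
import csv
import io

# Minimum fixed builds per major version, taken from the advisory text.
FIXED_BUILDS = {15: 41800, 16: 39938}

# Constructed sample inventory (hypothetical hosts, assumed column names).
SAMPLE_INVENTORY = """host,os,major,build
bkp-mgmt-01,windows,16,39938
bkp-mgmt-02,linux,16,39937
bkp-agent-07,linux,15,41800
bkp-agent-09,windows,15,41799
bkp-lab-01,linux,15,unknown
bkp-old-01,windows,12,17000
"""


def classify(major, build):
    """Return 'patched', 'vulnerable' or 'review' for one installation."""
    try:
        major, build = int(major), int(build)
    except (TypeError, ValueError):
        return "review"  # unparsable data is never counted as patched
    fixed = FIXED_BUILDS.get(major)
    if fixed is None:
        return "review"  # the advisory only names versions 15 and 16
    return "patched" if build >= fixed else "vulnerable"


def triage(inventory_csv):
    """Group hosts from a CSV inventory by patch status."""
    result = {"patched": [], "vulnerable": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row.get("major"), row.get("build"))
        result[status].append(row["host"])
    return result


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts in the `review` group need a manual check: their build could not be read, or they run a major version the advisory does not cover.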
Exploitation status
Public Exploit Available: No
Analyst recommendation
With a CVSS score of 10.0, this is a "patch now" event. Backup and disaster recovery systems are the last line of defense against cyberattacks; if they are compromised, the organization has no guaranteed path to recovery. Apply the specified builds across all Linux and Windows installations without delay.