7.8
CVE-2026-41220
- EPSS 0.11%
- Veröffentlicht 29.04.2026 13:43:36
- Zuletzt bearbeitet 19.05.2026 15:05:11
- Quelle security@acronis.com
- CVE-Watchlists
- Unerledigt
Helpy 2.8.0 - Stored XSS in knowledgebase Doc body rendering
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerAcronis
≫
Produkt
Acronis DeviceLock DLP
Default Statusunaffected
Version
unspecified
Version <
9.0.93212
Status
affected
HerstellerAcronis
≫
Produkt
Acronis Cyber Protect Cloud Agent
Default Statusunaffected
Version
unspecified
Version <
42183
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.014 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@acronis.com | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://security-advisory.acronis.com/advisories/SEC-10296