{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27774", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "state": "PUBLISHED", "assignerShortName": "Acronis", "dateReserved": "2026-04-01T00:44:58.734Z", "datePublished": "2026-04-02T17:05:19.178Z", "dateUpdated": "2026-04-03T03:55:47.929Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-04-02T17:05:19.178Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-427", "description": "CWE-427", "type": "CWE"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis True Image", "platforms": ["Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "42902", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902."}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-10057", "name": "SEC-10057", "tags": ["vendor-advisory"]}], "credits": [{"lang": "en", "value": "@chipotle_chili (https://hackerone.com/chipotle_chili)", "type": "finder"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}}], "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-27774"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T03:55:47.929Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27774", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-02T17:46:30.897774Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T17:46:33.413Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "@chipotle_chili (https://hackerone.com/chipotle_chili)"}], "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis True Image", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "42902", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-10057", "name": "SEC-10057", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427"}]}], "providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-04-02T17:05:19.178Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27774", "state": "PUBLISHED", "dateUpdated": "2026-04-03T03:55:47.929Z", "dateReserved": "2026-04-01T00:44:58.734Z", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "datePublished": "2026-04-02T17:05:19.178Z", "assignerShortName": "Acronis"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902."}], "id": "CVE-2026-27774", "lastModified": "2026-04-03T16:10:23.730", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "security@acronis.com", "type": "Secondary"}]}, "published": "2026-04-02T18:16:26.930", "references": [{"source": "security@acronis.com", "url": "https://security-advisory.acronis.com/advisories/SEC-10057"}], "sourceIdentifier": "security@acronis.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "security@acronis.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,42902)"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 82.0, "source": "matching"}]}, "original": {"product": "Acronis True Image", "source": "cna", "vendor": "Acronis"}, "product": "true_image", "vendor": "acronis"}], "analysis": {"en": {"generated_at": "2026-04-02T21:58:19.336695+00:00", "value": {"mitigation_remediation": ["Apply the latest Acronis True Image update (build 42902 or later)"], "summary": {"action": "Immediate Patch", "impact": "Local Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Users running any Windows build of Acronis True Image prior to build 42902 are affected. The vulnerability applies to installations that have not installed that build or later updates.", "description_and_impact": "Acronis True Image for Windows contains a flaw that allows a local attacker to gain elevated privileges by hijacking a library file. The issue is classified as path manipulation (CWE\u2011427). When the application loads a library from a directory that the attacker can control, arbitrary code can be executed with the application's privileges, potentially granting system\u2011level access.", "risk_and_exploitability": "The CVSS score of 6.7 signifies moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, indicating no known public exploits. The likely attack vector is that an attacker must be able to place a malicious DLL in a directory considered by True Image, which requires local access or the ability to run the application with elevated permissions. Once the DLL is loaded the attacker can execute arbitrary code with the privileges of the process, posing a significant risk to the affected systems."}}}}, "created": "2026-04-03T08:58:14.620368+00:00", "title": "Local Privilege Escalation via DLL Hijacking in Acronis True Image", "updated": "2026-04-03T09:18:17.388226+00:00", "vendors": ["acronis", "acronis$PRODUCT$true_image"]}