CVE-2025-11791
HIGH WAF: Low
CVSS 7.1
Published: 2026-03-06
CWE-862
Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.
WAF Coverage Analysis
Missing Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| acronis | agent | up to c25.10 |
| acronis | cyber_protect | up to 17.0.41186 |
References
- security-advisory.acronis.com (Vendor Advisory)