Last document update: May 19, 2026
What’s new
Backup: Support for Linux kernel 7.0
Acronis Cyber Protection agent now supports backup and recovery of Linux operating systems running kernel version 7.0.
Key benefits
- Maintain uninterrupted backup coverage for Linux workloads as you upgrade to the latest kernel.
- Full disk and file backup support for Linux OS with kernel 7.0.
Supported scenarios
- Disk and file backup and recovery of Linux machines running kernel version 7.0.
Licensing
- Solution-based: Backup and DR, Ultimate Protection.
- Service-based (per-workload, per-gigabyte): Standard Protection.
Platform: Agent for Windows on ARM - phase 2
The Acronis Cyber Protection agent for Windows on ARM-based devices now supports additional backup and recovery scenarios, expanding the coverage introduced in C26.03.
Key benefits
- Comprehensive backup coverage: Extends ARM support to include bootable media, CDP, and restore with reboot.
- Universal protection: Protect both x86 and ARM CPU-based workloads from a single console.
Supported scenarios
- Disk and file backup and restore via Bootable Media on ARM workloads.
- Continuous Data Protection (CDP) for ARM workloads.
- Restore with reboot on ARM workloads.
Implementation notes
- Secure Boot must be disabled for Bootable Media and restore with reboot to work on ARM.
- Supported operating systems: Windows 11 and Windows Server 2025 or later.
Licensing
- N/A
Platform: Complete hierarchy navigation
Partners can now browse the full tenant hierarchy from the Cyber Protect Cloud console and navigate seamlessly across partner tenants and subtenants without losing context or returning to the Management console.
Key benefits
- Navigate seamlessly across partner tenants and subtenants in the Cyber Protect Cloud console without losing context.
- Simplify daily operations and reduce time switching between views.
- Eliminate the need to repeatedly return to the Management console when working across tenants.
Supported scenarios
- A partner administrator moves from a parent tenant to a specific customer and then to a device level to investigate and resolve an issue - without switching consoles.
Licensing
- Available with all licenses.
Cyber Frame: General Availability
Cyber Frame is now generally available. Service providers can deliver IaaS services (virtual machines, networks, compute, and storage) on their own infrastructure, with built-in backup, disaster recovery, security, and RMM enabled from day one.
Key benefits
- Deliver IaaS services: Provide VMs, networks, hot and cold storage to customers on your own terms and infrastructure.
- Available in two deployment models: SP-hosted (Cyber Frame Local) and Acronis-hosted (Cyber Frame Cloud).
- Protected by default: Built-in backup, DR, security, and RMM are automatically enabled from day one.
- No proprietary hypervisor lock-in: Built on OpenStack and KVM, giving service providers long-term flexibility and independence; OpenStack API support for self-service operations.
- Built together with Virtuozzo: A leader in the hyperconverged infrastructure domain.
- Multi-tenant and designed for service providers: Enables efficient and profitable IaaS delivery.
- In-situ support: Our support team can assist by connecting to the infrastructure by using a read-only admin account.
Supported scenarios
- Provision and manage virtual machines, virtual networks, and tiered storage services from the platform.
- Run multiple tenants on shared infrastructure with logical isolation between customers.
- Enable customer self-service provisioning within defined resource limits.
- Automatically provide native backup and DR for workloads, including VM-level backup, restore, failover, and failback.
- Enable advanced threat protection with centralized monitoring and policy enforcement across virtual machines.
- Configurable network parameters for auto-deployment of the Cyber Protection appliance.
Check out the Getting Started Guide.
Licensing
- Contact your Acronis representative for licensing information.
Cyber Scripting: Script output parameters
Partners and customers can now define structured output parameters for cyber scripts by using a JSON schema. The script output is directly accessible as task parameters in subsequent steps of automation workflows.
Key benefits
- Easily use structured output of a script in automation workflows.
- Eliminate manual parsing - script output is structured and directly accessible as typed parameters.
- Build more powerful multi-step automations by chaining script results into conditions and actions.
Supported scenarios
- Partner or customer defines the output parameters of a cyber script as a JSON schema.
- During execution, the script writes a JSON object to a file according to the schema.
- The JSON output is directly accessible as task parameters in subsequent workflow steps.
Licensing
- Solution-based: Security and RMM, Ultimate Protection.
- Service-based (per-workload, per-gigabyte): With the RMM offering item under the Cyber Protection service.
Workflow Automation: Tenant-level workflow management
Create workflows that automatically adapt to each customer’s unique environment by using tenant-specific data - user emails, protection plans, scripts, and hostnames. One workflow definition works correctly for all customers, with no per-customer versions to create or maintain.
Key benefits
- One workflow for all customers, zero maintenance: Workflows reference tenant-specific data at runtime, so the same workflow runs correctly across all customer environments without creating separate versions for each.
- Always reaches the right people: Select notification recipients from a dynamically populated list of tenant user emails - no address books to maintain as customer contacts change.
- Reliable as environments change: Intelligent fallbacks and clear warnings handle missing or outdated tenant data, so workflows continue to run reliably even as customer configurations evolve.
Supported scenarios
- Configure a workflow to send email notifications to specific users in a tenant by selecting from a dynamically populated list of user emails, ensuring communications reach the right people without manual maintenance.
- Create workflows that execute tenant-specific scripts or apply protection plans from the tenant’s own library.
Licensing
- Available with all licenses.
Workflow Automation: Schedule-based workflows
Run monthly, weekly, daily, and even hourly tasks independently from other operations. Eliminate manual monitoring routines and ensure critical operations happen reliably, without depending on external events or triggers.
Key benefits
- Save hours of manual work every week: For example, monitoring backup status across 50 customer environments previously required around 2 hours of manual effort every week - now a single workflow runs automatically, creates tickets for failures, and delivers a summary report.
- Never miss a routine operation: Schedule backup health checks, compliance reports, and maintenance tasks to run at a set time, every time - no external trigger required.
- Build once, run for all customers: A single scheduled workflow covers all customer environments automatically, with results aggregated into one report or ticket queue.
Supported scenarios
- Configure a workflow to automatically check backup status across all 50 client environments every Monday at 6 AM, create tickets for failures, and send a summary report - replacing 2 hours of manual weekly checks.
- The workflow executes on a scheduled basis, retrieves backup statuses, evaluates health, and notifies administrators when attention is required.
These are just two examples of the many automation scenarios that Workflow Automation enables.
Licensing
- Available with all licenses.
Workflow Automation: Cycle functionality
Process all devices, workloads, or any list of items automatically in a single workflow run. Loop through arrays returned by workflow triggers or actions, apply conditions and actions to each item, and track each step in the execution history.
Key benefits
- Eliminate repetitive per-device work: Process an entire list of devices or workloads in one run - no need to trigger separate workflows for each item.
- Apply consistent logic across all items: Conditions and actions are evaluated individually per item, so each device gets the right response based on its own state.
- Full visibility into bulk operations: The execution history shows results for every item in the loop, making it easy to verify outcomes and investigate exceptions.
Supported scenarios
- Loop through arrays returned by triggers or actions, such as device lists, and apply conditions and actions to each item individually.
- When new devices are discovered, automatically check each device and apply a protection plan only to those that meet specific criteria, such as OS type or status.
- Configure loop exit logic to stop processing when a specific condition is met.
Licensing
- Available with all licenses.
RMM: Peer-to-peer distribution of Microsoft Updates
Partners can reduce the consumption of internet bandwidth during Windows patch deployments by up to 95% by using the native Windows Delivery Optimization service. Configure peer-to-peer patch sharing directly in the protection plan, no additional infrastructure required.
Key benefits
- Up to 95% bandwidth savings: Reduce the internet usage during patch deployments without deploying WSUS servers, Connected Cache, or any additional infrastructure.
- Zero infrastructure overhead: Leverages the native Windows Delivery Optimization service - no proprietary P2P engine to deploy or maintain. Patches remain Microsoft-signed and delivered via Microsoft’s trust chain.
- Simple configuration: Configure once in the protection plan. The policy propagates automatically to all devices in the plan.
- Eliminate Patch Tuesday congestion: For organizations with 30 or more devices on the same LAN, peer sharing eliminates network congestion and reduces support tickets.
Supported scenarios
- Enable peer-to-peer patch sharing by editing a protection plan: switch on the ‘Delivery Optimization’ option, select LAN-only mode, and save. The policy propagates automatically to all devices in the plan.
- On Patch Tuesday, instead of every device downloading a patch individually, the first device shares it with peers over the local network, dramatically reducing total internet download volume.
Implementation notes
- Supported on Windows 10 (build 1709 and later), Windows 11, Windows Server 2019 (build 1809) and later.
- Devices running older operating systems are silently skipped and continue to download patches directly from Microsoft CDN, with no errors or alerts generated.
Licensing
- Solution-based: Security and RMM, Ultimate Protection.
- Service-based (per-workload, per-gigabyte): With the RMM offering under the Cyber Protection service.
Security: Partner-level security policy management
Partner and folder administrators can now create and apply security-related protection plans to one, several, or all customer machines, providing full control over customer workload protection.
Key benefits
- Apply security policies consistently across all customer machines from a single partner-level interface.
- Manage EDR incidents centrally at partner level, without switching between customer tenants.
- Enforce security standards across the entire customer base with a single protection plan.
Supported scenarios
- A partner creates a security protection plan and applies it to machines across one, several, or all customer tenants.
- The following security capabilities can be managed at partner level: Endpoint Detection and Response (EDR), antivirus and antimalware protection, URL filtering, Microsoft Defender Antivirus, and firewall management.
- Partner administrators manage EDR incidents at partner level, across all customer machines.
Licensing
- Solution-based: Security and RMM, Ultimate Protection.
- Service-based (per-workload, per-gigabyte): With the Detection and Response offering items under the Cyber Protection service.
Security: MDR Dashboard enhancements
The MDR Dashboard now includes new widgets and interactive components to improve MDR monitoring and reporting for MSP administrators.
Key benefits
- Quickly assess the overall security posture with color-coded incident severity indicators.
- Analyze incident trends over time with a flexible time period selector.
- Access the MDR Service Portal directly from the dashboard for deeper incident investigation.
Supported scenarios
- MSP admin reviews daily security posture: Opens the MDR Dashboard, scans the incident state summary and severity indicators to spot critical or high-priority incidents, checks the workload breakdown, and decides whether escalation is needed.
- MSP admin analyzes incident trends: Toggles the time period (rolling 30 days or calendar month), reviews per-customer incident counts and severity distribution, examines top MITRE ATT&CK techniques, and prepares recommendations.
- MSP admin accesses the Service Portal: Identifies an incident requiring deeper investigation and clicks the Service Portal button to open the incident management system in a new tab.
Licensing
- Solution-based: Security and RMM, Ultimate Protection.
- Service-based (per-workload, per-gigabyte): With the Detection and Response offering items under the Cyber Protection service.
Security: Export EDR/XDR incidents in STIX format
Partners can now export the details of EDR and XDR incidents as STIX 2.1 JSON bundles for NIS2 compliance reporting and threat intelligence sharing with CSIRTs and threat intelligence platforms.
Key benefits
- NIS2 compliance as a service: Automate mandatory EU incident reporting on behalf of customers.
- Threat intelligence sharing: Publish structured incident data to CSIRT/CERT networks and threat intelligence platforms.
- Seamless integration: STIX/TAXII and MISP-compatible exports plug directly into existing security workflows.
- Controlled disclosure: TLP 2.0 markings let you manage data sensitivity per destination.
Supported scenarios
- Export an incident as a STIX 2.1 JSON bundle using the Export STIX Report button in the Incident details panel.
- Select from three NIS2-aligned export presets: Early Warning (≤24 hours), Incident Notification (≤72 hours), and Final Report (≤1 month).
- Apply TLP 2.0 data markings (CLEAR, GREEN, AMBER, AMBER+STRICT, RED) to control how the exported data is shared.
- Ingest exported bundles directly into MISP or TAXII-compatible platforms.
Implementation notes
- Each export contains: files, hashes, processes, IP addresses, URLs, domains, registry keys, and user accounts.
- MITRE ATT&CK technique mapping is automatically included in every export.
- YARA patterns and detection-rule linkage are included in the export.
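A pre-sharing gate for the TLP 2.0 markings listed above, as an added example (not Acronis code and not taken from a real export): it resolves each object's marking references and refuses to release a bundle when any object is unmarked or more restrictive than the destination's clearance. The bundle, the IDs, and the assumption that the TLP label is read from each marking-definition's `name` property are constructed for illustration.

```python
# Added example: fail-closed TLP 2.0 check before a STIX 2.1 bundle is shared.
# Assumption: each TLP marking is a marking-definition object whose "name" is
# "TLP:<LABEL>"; the page does not show how the export encodes it.

TLP_ORDER = ["CLEAR", "GREEN", "AMBER", "AMBER+STRICT", "RED"]  # least -> most restrictive


def tlp_rank(label):
    """Rank of a 'TLP:<LABEL>' string, or None when it is not a TLP 2.0 label."""
    name = str(label).upper().split("TLP:", 1)[-1].strip()
    return TLP_ORDER.index(name) if name in TLP_ORDER else None


def check_bundle(bundle, destination_max):
    """Decide whether a bundle may go to a destination cleared up to destination_max."""
    limit = tlp_rank(destination_max)
    if limit is None:
        raise ValueError(f"unknown destination clearance: {destination_max!r}")
    objects = bundle.get("objects", [])
    # Map marking-definition id -> TLP rank; unrecognised markings are ignored.
    markings = {}
    for o in objects:
        if o.get("type") == "marking-definition":
            rank = tlp_rank(o.get("name", ""))
            if rank is not None:
                markings[o["id"]] = rank
    unmarked, worst = [], -1
    for o in objects:
        if o.get("type") == "marking-definition":
            continue
        ranks = [markings[r] for r in o.get("object_marking_refs", []) if r in markings]
        if not ranks:
            unmarked.append(o["id"])  # no resolvable TLP marking: treat as unsafe
            continue
        worst = max(worst, max(ranks))  # the most restrictive marking wins
    return {
        "effective_tlp": TLP_ORDER[worst] if worst >= 0 else None,
        "unmarked": unmarked,
        "allowed": not unmarked and 0 <= worst <= limit,
    }


# Constructed sample data (placeholder IDs, documentation-range IP address).
GREEN_ID = "marking-definition--11111111-1111-4111-8111-111111111111"
STRICT_ID = "marking-definition--22222222-2222-4222-8222-222222222222"
SAMPLE_BUNDLE = {
    "type": "bundle",
    "id": "bundle--33333333-3333-4333-8333-333333333333",
    "objects": [
        {"type": "marking-definition", "id": GREEN_ID, "name": "TLP:GREEN"},
        {"type": "marking-definition", "id": STRICT_ID, "name": "TLP:AMBER+STRICT"},
        {"type": "ipv4-addr", "id": "ipv4-addr--44444444-4444-4444-8444-444444444444",
         "value": "198.51.100.7", "object_marking_refs": [GREEN_ID]},
        {"type": "user-account", "id": "user-account--55555555-5555-4555-8555-555555555555",
         "account_login": "jdoe", "object_marking_refs": [STRICT_ID]},
    ],
}

if __name__ == "__main__":
    for dest in ("GREEN", "AMBER+STRICT"):
        print(dest, check_bundle(SAMPLE_BUNDLE, dest))
```

A single AMBER+STRICT object makes the whole bundle unfit for a GREEN destination, so the check runs per bundle and per destination.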
Licensing
- Solution-based: Security and RMM, Ultimate Protection.
- Service-based (per-workload, per-gigabyte): With the Detection and Response offering items under the Cyber Protection service.
Acronis GenAI Protection: MCP server monitoring
In the MCP server monitoring widget under the Protection menu, partners and customers can now discover and monitor Model Context Protocol (MCP) servers across managed devices, gaining visibility into AI tool usage and potential supply chain risks associated with external AI services.
Key benefits
- Gain visibility into AI tool usage: Identify which MCP servers are used across managed devices, including the applications (MCP clients) and users interacting with them.
- Strengthen security posture: Detect unknown or potentially risky third-party AI services by analyzing connections to external MCP servers.
- Partner-level oversight: Centrally track MCP server usage across all managed customers from a single partner view.
Supported scenarios
- Discover AI tool usage across customer environments: In the Cyber Protection console, navigate to Protection > MCP server monitoring to identify which MCP servers are in use, including the client applications and users interacting with them.
- Investigate potential supply chain risks: Analyze connections to external MCP servers to detect unknown or potentially risky third-party services.
- Monitor MCP server usage across all managed customers from the partner view, enabling faster response when risks are identified.
Licensing
- Solution-based: With the Workstations offering item under the Ultimate Protection license.
- Service-based (per-workload, per-gigabyte): With the Endpoints offering item under the Acronis GenAI Protection service.
Integrations: Solution-based licensing for CloudBlue Connect
Partners can now resell Acronis services through pre-configured solution bundles directly in CloudBlue Connect service plans, making it easier for smaller MSPs to offer advanced features without combining multiple offering items manually.
Key benefits
- Enable smaller MSPs to easily resell Acronis services through pre-configured bundles, eliminating the complexity of combining multiple offering items.
- Drive higher adoption of advanced features with ready-to-use solution bundles.
Supported scenarios
- New bundled resources that partners can configure directly within service plans without combining individual offering items.
- All existing integration scenarios are fully supported: service enablement, quota allocation, usage processing, cancellations, and suspend/resume.
Licensing
- N/A (Integrations)
Integrations: ConnectWise Asio integration - updated alert types
The ConnectWise Asio integration now supports an expanded set of alert types from Acronis services, enabling partners to manage more Acronis alerts directly in ConnectWise Asio as part of the central ticketing workflow.
Key benefits
- Manage more Acronis alerts directly in ConnectWise Asio as part of the central ticketing workflow.
- Improve visibility and response by consolidating alerts across products in one system.
Supported scenarios
- Backup failures, security incidents, and patch alerts from Acronis are automatically converted into tickets in ConnectWise Asio, allowing technicians to manage and prioritize all work from a single queue.
Licensing
- N/A (Integrations)
Updated Components
Acronis Cyber Protection agent
The Acronis Cyber Protection agent has the following new versions.
- Acronis Cyber Protection agent for Windows (v.26.05.42475)
- Acronis Cyber Protection agent for Mac (v.26.05.42475)
- Acronis Cyber Protection agent for Linux (v.26.05.42475)
For more information about the release history of the Acronis Cyber Protection agent, see the agent release notes.
Changes in the Acronis Cyber Cloud API
You can find more information and the history of changes in Acronis Cyber Cloud API in the API change log document.
Fixed issues
Acronis Cyber Protect Cloud
Common
- [ABR-420925] Email notifications for backup operations contain encoded characters in the email subject line.
- [KERNEL-20751] The alert "Cyber Protection (or Active Protection) service is not responding" is triggered on multiple devices.
- [ABR-425933] After reinstalling the Cyber Protection agent, clicking the Register workload button opens a browser tab with the list of devices, but the registration dialog does not open automatically. The workload registration cannot be completed through the installer.
- [ABR-398365] Operations reports in the Management Portal may fail to load or time out when a unit contains a large number of Microsoft 365 workloads. Partners may not be able to view or download the report data.
Backup
- [KERNEL-20805] Backup plans may complete with the warning message 'Windows error: (0x8007001F) A device attached to the system is not functioning.' The backup itself may succeed despite the warning.
- [ABR-425267] After upgrading to macOS Sequoia 15.7.5, the Cyber Protection agent for Mac cannot mount SMB/CIFS shares used as backup destinations. Backups targeting an SMB share fail with the error 'Failed to mount SMB share.'
- [ABR-425171] Cloud-to-Cloud backup plans for Google Workspace (Gmail and Google Drive) may not run on schedule. The backups appear idle with no error messages even though the schedule is configured for daily runs.
- [ABR-393809] Cloud-to-Cloud backups of Microsoft 365 workloads (OneDrive, Mailbox, SharePoint) may complete with the warning 'Failed to register a backup in backup file. Please refresh the list of recovery points.'
Cyber Frame
- [ABR-428938] Cyber Frame infrastructure provisioning fails with the error 'Failed to provision infrastructure.' The Cyber Frame cluster is not in a provisioned state and cannot be used.
- [ABR-426505] In Cyber Frame, attempting to delete a volume fails with the error 'Incorrect json data (Deprecated field).' The volume cannot be deleted.
Disaster Recovery
- [DRAAS-26203] The Disaster recovery status of protected virtual machines is displayed incorrectly as "Not enabled".
Virtualization protection
- [ABR-415764] After a VMware Virtual Appliance is redeployed or reinstalled, the update activity from the previous deployment may remain visible in the console in a stuck state and cannot be cancelled.
Known issues and limitations
Acronis Cyber Protect Cloud
Autodiscovery and remote installation
- [ADP-39185] Active Directory-based discovery does not operate as expected with the default configuration of Windows Server 2025 because it enforces LDAP encryption by default.
- Solution: See this KB article.
Backup
- [ABR-408680] Proxmox VE: When performing parallel backup operations with 2 or more Linux-based Proxmox VMs that contain LVM volumes and XFS file systems, the backup activities may become unresponsive in some cases.
- Solution: Reduce the number of parallel VM backups in the corresponding protection plan (Backup options -> Scheduling).
- [ABR-365442] The backup validation completes successfully, but the validation status is incorrect or missing in backup sets with a large number of backups.
- [ABR-361097] It is possible to create backups with special characters in their names, but such backups are not accessible when saved on a network storage.
- Solution: Do not use special characters in backup names, even though the application allows you to.
- [ABR-305920] The backups of System state performed via the Windows Server Backup feature fail with the error message "The process cannot access the file because it is being used by another process."
Bootable media
- [ABR-358235] WinPE-based media: Unable to browse backup files if the cloud storage location contains corrupted backup archives.
Cyber Protection agent
- [ABR-371912] The Acronis SnapAPI module may require separate compilation after installation on Rocky Linux or Oracle Linux 8.7 distributions.
- Solution: Compile the SnapAPI module manually after installing the Agent for Linux on a workload that runs on a Rocky Linux or Oracle Linux 8.7 distribution.
Disaster recovery
- If the tenant (customer or partner) is disabled or deleted while an Automated Failover is in progress, the operation fails with the error "Please try again later or contact Support" instead of indicating that the tenant is no longer accessible.
Recovery
- [ABR-371521] When browsing backup archives, the sorting of files by last change date does not work correctly.
Virtualization protection
- [ABR-383978] No alert is displayed when the storage quota is almost reached for agentless Microsoft Azure VM backups.
- [ABR-383972] No alert is displayed when the storage quota is exceeded for agentless Microsoft Azure VM backups.
For more information on known issues and workarounds, please visit our Knowledge Base.