Acronis disclosed a bug submitted by shadowmap: https://hackerone.com/reports/1008364 – Bounty: $250 [Source]