Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities
CVE-2026-4761 (GCVE-0-2026-4761)
Vulnerability from cvelistv5 – Published: 2026-03-25 12:45 – Updated: 2026-03-26 08:58
VLAI?
Title
Unnecessary permissions on private keys of certificates installed by Network and Security Wizard
Summary
When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group.
* Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed
* Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable
Please refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODRA | Panorama Suite |
Affected:
Panorama Suite 2025 , < update PS-2500-00-0357
(custom)
Unaffected: Panorama Suite 2025 Updated Dec. 25 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T13:06:35.347666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:06:43.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Network and Security Tool"
],
"platforms": [
"Windows"
],
"product": "Panorama Suite",
"vendor": "CODRA",
"versions": [
{
"lessThan": "update PS-2500-00-0357",
"status": "affected",
"version": "Panorama Suite 2025",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "Panorama Suite 2025 Updated Dec. 25"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codra:panorama_suite:*:*:windows:*:*:*:*:*",
"versionEndExcluding": "update_ps-2500-00-0357",
"versionStartIncluding": "panorama_suite_2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codra:panorama_suite:panorama_suite_2025_updated_dec._25:*:windows:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group.\u003cbr\u003e\u003cul\u003e\u003cli\u003eInstallations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed\u003c/li\u003e\u003cli\u003eInstallations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable\u003c/li\u003e\u003c/ul\u003ePlease refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt."
}
],
"value": "When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group.\n * Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed\n * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable\n\n\nPlease refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 3.3,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T08:58:02.831Z",
"orgId": "30aa36b7-a224-4bc9-b7d3-abea20aa4887",
"shortName": "CODRA"
},
"references": [
{
"url": "https://my.codra.net/api/csirt/download?resourceId=1469\u0026fileType=FichierPDF"
}
],
"source": {
"advisory": "Pano/BS-036",
"discovery": "INTERNAL"
},
"title": "Unnecessary permissions on private keys of certificates installed by Network and Security Wizard",
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "30aa36b7-a224-4bc9-b7d3-abea20aa4887",
"assignerShortName": "CODRA",
"cveId": "CVE-2026-4761",
"datePublished": "2026-03-25T12:45:27.361Z",
"dateReserved": "2026-03-24T09:12:20.014Z",
"dateUpdated": "2026-03-26T08:58:02.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4760 (GCVE-0-2026-4760)
Vulnerability from cvelistv5 – Published: 2026-03-25 12:29 – Updated: 2026-03-26 08:53
VLAI?
Title
Potential unauthorized access to files on the Web HMI server host
Summary
From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account.
* Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed
* Installations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078 (or higher) are installed
* Installations based on Panorama Suite 2025 (25.00.016) are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed
* Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher) are installed
Please refer to security bulletin BS-035, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt .
Severity ?
CWE
- CWE-552 - Files or directories accessible to external parties
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODRA | Panorama Suite |
Affected:
Panorama Suite 2022-SP1 , < update PS-2210-02-4079
(custom)
Affected: Panorama Suite 2023 , < update PS-2300-03-3078 AND PS-2300-04-3078 AND PS-2300-82-3078 (custom) Affected: Panorama Suite 2025 , < update PS-2500-02-1078 AND PS-2500-04-1078 (custom) Affected: Panorama Suite 2025 Updated Dec. 25 , < update PS-2510-02-1077 AND PS-2510-04-1077 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T13:11:20.361122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:11:27.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Panorama HMI Web Server"
],
"platforms": [
"Windows"
],
"product": "Panorama Suite",
"vendor": "CODRA",
"versions": [
{
"lessThan": "update PS-2210-02-4079",
"status": "affected",
"version": "Panorama Suite 2022-SP1",
"versionType": "custom"
},
{
"lessThan": "update PS-2300-03-3078 AND PS-2300-04-3078 AND PS-2300-82-3078",
"status": "affected",
"version": "Panorama Suite 2023",
"versionType": "custom"
},
{
"lessThan": "update PS-2500-02-1078 AND PS-2500-04-1078",
"status": "affected",
"version": "Panorama Suite 2025",
"versionType": "custom"
},
{
"lessThan": "update PS-2510-02-1077 AND PS-2510-04-1077",
"status": "affected",
"version": "Panorama Suite 2025 Updated Dec. 25",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codra:panorama_suite:*:*:windows:*:*:*:*:*",
"versionEndExcluding": "update_ps-2210-02-4079",
"versionStartIncluding": "panorama_suite_2022-sp1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codra:panorama_suite:*:*:windows:*:*:*:*:*",
"versionEndExcluding": "update_ps-2300-03-3078_and_ps-2300-04-3078_and_ps-2300-82-3078",
"versionStartIncluding": "panorama_suite_2023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codra:panorama_suite:*:*:windows:*:*:*:*:*",
"versionEndExcluding": "update_ps-2500-02-1078_and_ps-2500-04-1078",
"versionStartIncluding": "panorama_suite_2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codra:panorama_suite:*:*:windows:*:*:*:*:*",
"versionEndExcluding": "update_ps-2510-02-1077_and_ps-2510-04-1077",
"versionStartIncluding": "panorama_suite_2025_updated_dec._25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account.\u003cbr\u003e\u003cul\u003e\u003cli\u003eInstallations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed\u003c/li\u003e\u003cli\u003eInstallations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078 (or higher) are installed\u003c/li\u003e\u003cli\u003eInstallations based on Panorama Suite 2025 (25.00.016) are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed \u003c/li\u003e\u003cli\u003eInstallations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher) are installed \u003c/li\u003e\u003c/ul\u003ePlease refer to security bulletin BS-035, available on the Panorama CSIRT website: \u003ca href=\"https://my.codra.net/en-gb/csirt\"\u003ehttps://my.codra.net/en-gb/csirt\u003c/a\u003e."
}
],
"value": "From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account.\n * Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed\n * Installations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078 (or higher) are installed\n * Installations based on Panorama Suite 2025 (25.00.016) are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed \n * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher) are installed \n\n\nPlease refer to security bulletin BS-035, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt ."
}
],
"impacts": [
{
"capecId": "CAPEC-36",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-36 Using Unpublished Interfaces or Functionality"
}
]
},
{
"capecId": "CAPEC-6",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-6 Argument Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or directories accessible to external parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T08:53:11.120Z",
"orgId": "30aa36b7-a224-4bc9-b7d3-abea20aa4887",
"shortName": "CODRA"
},
"references": [
{
"url": "https://my.codra.net/api/csirt/download?resourceId=1467\u0026fileType=FichierPDF"
}
],
"source": {
"advisory": "Pano/BS-035",
"discovery": "INTERNAL"
},
"title": "Potential unauthorized access to files on the Web HMI server host",
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "30aa36b7-a224-4bc9-b7d3-abea20aa4887",
"assignerShortName": "CODRA",
"cveId": "CVE-2026-4760",
"datePublished": "2026-03-25T12:29:13.631Z",
"dateReserved": "2026-03-24T09:11:56.554Z",
"dateUpdated": "2026-03-26T08:53:11.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}