CVE-2026-4760
Essential information
- Published
- 25/03/2026 13:16
- Modified
- 26/03/2026 10:16
- Author
- —
- Creator
- —
- CVSS
- 7.7 HIGH (v3) 7.7 HIGH (v4.0)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
—
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Privileges required
- —
- User interaction
- —
- Scope
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Attack requirements
- NONE
- Privileges required
- NONE
- User interaction
- NONE
- Confidentiality (V)
- HIGH
- Confidentiality (S)
- HIGH
- Integrity (V)
- NONE
- Integrity (S)
- NONE
- Availability (V)
- NONE
- Availability (S)
- NONE
- Exploit maturity
- UNREPORTED
Description
From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account.
* Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed
* Installations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078 (or higher) are installed
* Installations based on Panorama Suite 2025 (25.00.016) are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed
* Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher) are installed
Please refer to security bulletin BS-035, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt .
NVD status
- Status
- Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- 30aa36b7-a224-4bc9-b7d3-abea20aa4887
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| panorama / panorama suite | cpe:2.3:a:panorama:panorama_suite:22.50.005:*:*:*:*:*:*:* |
| panorama / panorama suite | cpe:2.3:a:panorama:panorama_suite:23.00.004:*:*:*:*:*:*:* |
| panorama / panorama suite | cpe:2.3:a:panorama:panorama_suite:25.00.016:*:*:*:*:*:*:* |
| panorama / panorama suite | cpe:2.3:a:panorama:panorama_suite:25.10.007:*:*:*:*:*:*:* |