CVE-2026-4760

March 26, 2026, 10:16 a.m.

7.7
High

Description

From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. * Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed * Installations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078 (or higher) are installed * Installations based on Panorama Suite 2025 (25.00.016) are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher) are installed Please refer to security bulletin BS-035, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt .

Product(s) Impacted

Vendor Product Versions
Panorama
  • Panorama Suite
  • 22.50.005, 23.00.004, 25.00.016, 25.10.007

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-552
Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a panorama panorama_suite 22.50.005 / / / / / / /
a panorama panorama_suite 23.00.004 / / / / / / /
a panorama panorama_suite 25.00.016 / / / / / / /
a panorama panorama_suite 25.10.007 / / / / / / /

References

https://my.codra.net/api/csirt/download?resourceId=1467&fileType=FichierPDF

Tags

CWE-552
2026-03-25
CVE-2026-4760
30aa36b7-a224-4bc9-b7d3-abea20aa4887

CVSS Score

7.7 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE
  • Exploit Maturity: UNREPORTED

    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red

    View Vector String

Timeline

Published: March 25, 2026, 1:16 p.m.
Last Modified: March 26, 2026, 10:16 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

30aa36b7-a224-4bc9-b7d3-abea20aa4887

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.