CVE-2026-4760

From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. * Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed * Installations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078 (or higher) are installed * Installations based on Panorama Suite 2025 (25.00.016) are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher) are installed Please refer to security bulletin BS-035, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt .

CVSS

No CVSS.

References

Link	Resource
https://my.codra.net/api/csirt/download?resourceId=1467&fileType=FichierPDF

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-25 13:16

Updated : 2026-03-26 10:16

NVD link : CVE-2026-4760

Mitre link : CVE-2026-4760

CVE.ORG link : CVE-2026-4760

JSON object : View

Products Affected

No product.

CWE

CWE-552

Files or Directories Accessible to External Parties

{"id": "CVE-2026-4760", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "30aa36b7-a224-4bc9-b7d3-abea20aa4887", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red", "exploitMaturity": "UNREPORTED", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-25T13:16:27.990", "references": [{"url": "https://my.codra.net/api/csirt/download?resourceId=1467&fileType=FichierPDF", "source": "30aa36b7-a224-4bc9-b7d3-abea20aa4887"}], "vulnStatus": "Undergoing Analysis", "weaknesses": [{"type": "Secondary", "source": "30aa36b7-a224-4bc9-b7d3-abea20aa4887", "description": [{"lang": "en", "value": "CWE-552"}]}], "descriptions": [{"lang": "en", "value": "From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account.\n * Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed\n * Installations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078 (or higher) are installed\n * Installations based on Panorama Suite 2025 (25.00.016) are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed \n * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher) are installed \n\n\nPlease refer to security bulletin BS-035, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt ."}, {"lang": "es", "value": "Desde Panorama Web HMI, un atacante puede obtener acceso de lectura a ciertos archivos del servidor Web HMI, si conoce sus rutas y si estos archivos son accesibles para la cuenta de ejecuci\u00f3n del proceso Servin.\n\n* Las instalaciones basadas en Panorama Suite 2022-SP1 (22.50.005) son vulnerables a menos que se instale la actualizaci\u00f3n PS-2210-02-4079 (o superior).\n* Las instalaciones basadas en Panorama Suite 2023 (23.00.004) son vulnerables a menos que se instalen las actualizaciones PS-2300-03-3078 (o superior) y PS-2300-04-3078 (o superior) y PS-2300-82-3078 (o superior).\n* Las instalaciones basadas en Panorama Suite 2025 (25.00.016) son vulnerables a menos que se instalen las actualizaciones PS-2500-02-1078 (o superior) y PS-2500-04-1078 (o superior).\n* Las instalaciones basadas en Panorama Suite 2025 Actualizado Dic. 25 (25.10.007) son vulnerables a menos que se instalen las actualizaciones PS-2510-02-1077 (o superior) y PS-2510-04-1077 (o superior).\n\nConsulte el bolet\u00edn de seguridad BS-035, disponible en el sitio web de Panorama CSIRT: https://my.codra.net/en-gb/csirt."}], "lastModified": "2026-03-26T10:16:26.350", "sourceIdentifier": "30aa36b7-a224-4bc9-b7d3-abea20aa4887"}