CVE-2026-4761

When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group. * Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable Please refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt.

CVSS

No CVSS.

References

Link	Resource
https://my.codra.net/api/csirt/download?resourceId=1469&fileType=FichierPDF

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-25 13:16

Updated : 2026-03-26 10:16

NVD link : CVE-2026-4761

Mitre link : CVE-2026-4761

CVE.ORG link : CVE-2026-4761

JSON object : View

Products Affected

No product.

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2026-4761", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "30aa36b7-a224-4bc9-b7d3-abea20aa4887", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 3.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber", "exploitMaturity": "UNREPORTED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-25T13:16:28.310", "references": [{"url": "https://my.codra.net/api/csirt/download?resourceId=1469&fileType=FichierPDF", "source": "30aa36b7-a224-4bc9-b7d3-abea20aa4887"}], "vulnStatus": "Undergoing Analysis", "weaknesses": [{"type": "Secondary", "source": "30aa36b7-a224-4bc9-b7d3-abea20aa4887", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group.\n * Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed\n * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable\n\n\nPlease refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt."}, {"lang": "es", "value": "Cuando se instala un certificado y su clave privada en el almac\u00e9n de certificados de la m\u00e1quina Windows utilizando la herramienta de Red y Seguridad, se conceden innecesariamente derechos de acceso a la clave privada al grupo de operadores.\n\n* Las instalaciones basadas en Panorama Suite 2025 (25.00.004) son vulnerables a menos que se instale la actualizaci\u00f3n PS-2500-00-0357 (o superior).\n* Las instalaciones basadas en Panorama Suite 2025 Actualizado 25 Dic. (25.10.007) no son vulnerables.\n\nConsulte el bolet\u00edn de seguridad BS-036, disponible en el sitio web del CSIRT de Panorama: https://my.codra.net/en-gb/csirt."}], "lastModified": "2026-03-26T10:16:26.690", "sourceIdentifier": "30aa36b7-a224-4bc9-b7d3-abea20aa4887"}