← Volver a CVEs
CVE-2026-4761
HIGH7.5
Descripcion
When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group. * Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable Please refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt.
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado3/25/2026
Ultima modificacion4/1/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
codra:panorama_collaborative_operation_\&_executioncodra:panorama_comcodra:panorama_e2codra:panorama_h2
Debilidades (CWE)
CWE-732
Referencias
https://my.codra.net/api/csirt/download?resourceId=1469&fileType=FichierPDF(30aa36b7-a224-4bc9-b7d3-abea20aa4887)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.