
CVE-2026-4761

Severity: Low · LPE
Published: 25 March 2026
Modified: 01 April 2026
KEV Added: not listed
Patch: update PS-2500-00-0357 (or higher)
CVSS v4 score: 3.3 (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber)
EPSS score: 0.0002 (7.2nd percentile)
Risk priority: 7 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-4761 is a low-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Codra Panorama Collaborative Operation & Execution. Its CVSS v4 base score is 3.3 (Low).

Operationally, exploitation maps to the MITRE ATT&CK technique Private Keys (T1552.004). Its EPSS places it at the 7.2nd percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2026-4761 is a permissions vulnerability (CWE-732) in how the Network and Security tool installs a certificate and its private key into the Windows machine certificate store: the access control list it sets on the private key unnecessarily grants access to the operator group. It affects installations based on Panorama Suite 2025 (version 25.00.004). Systems with update PS-2500-00-0357 or higher installed are not vulnerable, and installations based on Panorama Suite 2025 Updated Dec. 25 (version 25.10.007) are unaffected. The CVSS v4 vector on this page (AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/SC:H, base score 3.3) models the issue as a local attack by a low-privileged user. A CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) is also quoted for this CVE; that vector assumes network reach with no privileges, which does not match the precondition the advisory describes (membership of the operator group on the affected host), so treat the v4 vector as the better description of the attack. The vulnerability was published on 2026-03-25.

Any member of the operator group with a session on an affected machine can read the private key material, which should only be reachable by the accounts that actually use the certificate. Once that group membership is held, no user interaction is needed and the attack is low-complexity. The impact is confidentiality only: a copied key lets its holder impersonate whatever the certificate authenticates, or decrypt data the key protects, while the integrity and availability of the system are not directly affected.

Security bulletin BS-036, available on the Panorama CSIRT website at https://my.codra.net/en-gb/csirt, provides detailed mitigation guidance. Panorama recommends applying update PS-2500-00-0357 or higher to vulnerable Panorama Suite 2025 (25.00.004) installations. Additional details are in the referenced PDF at https://my.codra.net/api/csirt/download?resourceId=1469&fileType=FichierPDF.
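The condition the advisory describes can be checked on a host directly: find the file that backs each machine-store private key and inspect its NTFS ACL for grantees beyond the expected baseline. The PowerShell below is an added example written for this page; it is not Codra's code and is not taken from bulletin BS-036. It assumes the affected keys are software-backed RSA keys (ECDSA and hardware-backed keys are skipped), and the group name 'Panorama Operators' is a placeholder: the actual operator group name comes from the site's Panorama configuration. Run it elevated, since reading and changing key-file ACLs requires administrator rights.

```powershell
# Added example, not part of the Codra advisory or Panorama Suite. Audits the NTFS ACL on
# the key file behind every certificate in Cert:\LocalMachine\My that has a private key,
# reports grantees outside a baseline, and (with -Remove) revokes ACEs for named groups.
# Assumptions not taken from the page: only RSA keys are handled; 'Panorama Operators'
# is a placeholder for the real operator group name on the host.

function Get-MachineKeyFile {
    # Resolve the on-disk file that stores a certificate's RSA private key, or $null if
    # the key is not RSA, not software-backed, or cannot be located.
    param([Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert)
    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    } catch { return $null }
    if ($null -eq $rsa) { return $null }
    $name = if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $rsa.Key.UniqueName                                  # CNG key storage provider
    } elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        $rsa.CspKeyContainerInfo.UniqueKeyContainerName       # legacy CAPI provider
    }
    if (-not $name) { return $null }
    # Machine-store software keys live under ProgramData; CNG and CAPI use different folders.
    $dirs = @(
        (Join-Path $env:ProgramData 'Microsoft\Crypto\Keys'),
        (Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys')
    )
    foreach ($dir in $dirs) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) { return $path }
    }
    return $null
}

function Test-MachineKeyAcl {
    # Report every Allow ACE on a machine private-key file whose grantee is not in $Baseline.
    # With -Remove, delete the non-inherited ACEs whose grantee (bare name) is listed in $Revoke.
    param(
        [string[]] $Baseline = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'),
        [string[]] $Revoke   = @('Panorama Operators'),     # placeholder group name (assumption)
        [switch]   $Remove
    )
    $certs = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.HasPrivateKey }
    foreach ($cert in $certs) {
        $file = Get-MachineKeyFile -Cert $cert
        if (-not $file) { continue }
        $acl = Get-Acl -LiteralPath $file
        $changed = $false
        foreach ($ace in @($acl.Access)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $grantee = $ace.IdentityReference.Value
            if ($Baseline -contains $grantee) { continue }   # expected grantee, nothing to report
            $bare = $grantee.Split('\')[-1]                   # 'HOST\Group' -> 'Group'
            $revoked = $false
            if ($Remove -and ($Revoke -contains $bare) -and -not $ace.IsInherited) {
                [void] $acl.RemoveAccessRule($ace)
                $changed = $true
                $revoked = $true
            }
            [pscustomobject]@{
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                KeyFile    = $file
                Grantee    = $grantee
                Rights     = $ace.FileSystemRights
                Revoked    = $revoked
            }
        }
        if ($changed) { Set-Acl -LiteralPath $file -AclObject $acl }
    }
}

# Usage (elevated): report first, then revoke the operator group's ACEs once reviewed.
# Test-MachineKeyAcl | Format-Table -AutoSize
# Test-MachineKeyAcl -Revoke 'Panorama Operators' -Remove | Format-Table -AutoSize
```

The report-only run is the safe default: a key file may legitimately carry an ACE for the service account that uses the certificate, and revoking it would break that service rather than fix the vulnerability. Add such accounts to $Baseline, confirm the remaining unexpected grantee is the operator group, and only then run with -Remove. Applying update PS-2500-00-0357 remains the real fix, because the tool will otherwise re-grant the permission on the next certificate installation.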


Vulnerability details

When a certificate and its private key are installed in the Windows machine certificate store using the Network and Security tool, access rights to the private key are unnecessarily granted to the operator group.
* Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed.
* Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable.
Please refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt.

CWE(s)

CWE-732 Incorrect Permission Assignment for Critical Resource

Related Threats

MITRE ATT&CK Enterprise Techniques

T1552.004 Private Keys (Credential Access)
Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials.
Why these techniques?

The vulnerability grants the operator group unauthorized access to private keys in the Windows machine certificate store (CWE-732), which directly enables the exfiltration of keys used for authentication or encryption, the behaviour T1552.004 describes.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-21765 (shared CWE-732)
CVE-2025-27688 (shared CWE-732)
CVE-2019-25344 (shared CWE-732)
CVE-2026-24291 (shared CWE-732)
CVE-2026-22676 (shared CWE-732)
CVE-2025-1067 (shared CWE-732)
CVE-2025-62575 (shared CWE-732)
CVE-2025-0066 (shared CWE-732)
CVE-2019-25343 (shared CWE-732)
CVE-2026-2637 (shared CWE-732)

Affected Assets

Vendor | Product | Version
codra | panorama collaborative operation & execution | 25.00.004
codra | panorama com | 25.00.004
codra | panorama e2 | 25.00.004
codra | panorama h2 | 25.00.004

Mitigating Controls (NIST 800-53 r5)

prevent (patch application)
Directly remediates the permissions vulnerability by requiring timely application of update PS-2500-00-0357, which fixes the improper private key access grant to the operator group.

prevent (AC-6 Least Privilege)
Enforces least privilege to prevent the operator group from gaining unnecessary access to sensitive private keys installed in the Windows certificate store.

prevent (IA-5 Authenticator Management)
Mandates protection of private keys as authenticators from unauthorized disclosure, directly countering the excessive permissions granted to the operator group.
