CVE-2026-4761

EUVD-2026-15404

25.03.2026, 13:16

When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group.
  *  Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed
  *  Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable


Please refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Affected Products (NVD)

Vendor	Product	Version
codra	panorama_collaborative_operation_\&_execution	25.00.004
codra	panorama_com	25.00.004
codra	panorama_e2	25.00.004
codra	panorama_h2	25.00.004

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

https://my.codra.net/api/csirt/download?resourceId=1469&fileType=FichierPDF