CVE-2026-4761

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-4761
When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group. * Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable Please refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://my.codra.net/api/csirt/download?resourceId=1469&fileType=FichierPDF Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:codra:panorama_collaborative_operation_\&_execution:25.00.004:*:*:*:*:*:*:*
cpe:2.3:a:codra:panorama_com:25.00.004:*:*:*:*:*:*:*
cpe:2.3:a:codra:panorama_e2:25.00.004:*:*:*:*:*:*:*
cpe:2.3:a:codra:panorama_h2:25.00.004:*:*:*:*:*:*:*
History

01 Apr 2026, 15:32

Type Values Removed Values Added
Summary
  • (es) Cuando se instala un certificado y su clave privada en el almacén de certificados de la máquina Windows utilizando la herramienta de Red y Seguridad, se conceden innecesariamente derechos de acceso a la clave privada al grupo de operadores. * Las instalaciones basadas en Panorama Suite 2025 (25.00.004) son vulnerables a menos que se instale la actualización PS-2500-00-0357 (o superior). * Las instalaciones basadas en Panorama Suite 2025 Actualizado 25 Dic. (25.10.007) no son vulnerables. Consulte el boletín de seguridad BS-036, disponible en el sitio web del CSIRT de Panorama: https://my.codra.net/en-gb/csirt.
References () https://my.codra.net/api/csirt/download?resourceId=1469&fileType=FichierPDF - () https://my.codra.net/api/csirt/download?resourceId=1469&fileType=FichierPDF - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
First Time Codra panorama Com
Codra panorama Collaborative Operation \& Execution
Codra panorama H2
Codra panorama E2
Codra
CPE cpe:2.3:a:codra:panorama_com:25.00.004:*:*:*:*:*:*:*
cpe:2.3:a:codra:panorama_h2:25.00.004:*:*:*:*:*:*:*
cpe:2.3:a:codra:panorama_e2:25.00.004:*:*:*:*:*:*:*
cpe:2.3:a:codra:panorama_collaborative_operation_\&_execution:25.00.004:*:*:*:*:*:*:*

26 Mar 2026, 10:16

Type Values Removed Values Added
Summary (en) When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group. * Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable Please refer to security bulletin BS-036, available on the Panorama CSIRT website:  https://my.codra.net/en-gb/csirt . (en) When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group. * Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable Please refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt.

25 Mar 2026, 13:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-25 13:16

Updated : 2026-04-01 15:32

NVD link : CVE-2026-4761

Mitre link : CVE-2026-4761

CVE.ORG link : CVE-2026-4761

JSON object : View

Products Affected

codra

  • panorama_collaborative_operation_\&_execution
  • panorama_h2
  • panorama_com
  • panorama_e2
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource