CVE-2026-26334
Hardcoded AES Keys in VeraSMART Enable Local Privilege Escalation
Publication date: 2026-02-13
Last updated on: 2026-02-26
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| calero | verasmart | < 2026.0 (upper bound exclusive) |
| calero | verasmart | 2026.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-26334 affects Calero VeraSMART versions prior to 2026 R1. The product ships static AES keys as constants in the Veramark.Framework.dll module (in the Veramark.Core.Config class) and uses them to encrypt the service account password stored in C:\VeraSMART Data\app.settings. Because the same keys are present in every installation and live in a program file that local users can normally read, the encryption adds no secrecy beyond that of the DLL itself.
An attacker with local access reads the keys out of the DLL, applies them to the ciphertext in app.settings and recovers the service account password offline; neither step requires code execution as a privileged user.
With the cleartext credential the attacker can authenticate to the Windows host as the service account. Whether that amounts to local privilege escalation depends on the rights granted to that account, which is why the advisory states the impact conditionally.
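The following PowerShell is an added illustration, not VeraSMART code, of the CWE-798 pattern the advisory describes: a key compiled into the product, placed next to the Windows-native alternative (DPAPI). The key, IV and sample password are constructed for the demo; nothing here is the vendor's actual key material or file format.

```powershell
# Added example, not VeraSMART code. A key that ships inside the binary protects
# nothing against a local reader; DPAPI keeps the key with the OS instead.
# All constants below are constructed for the demo.

# Windows PowerShell 5.1 needs System.Security for ProtectedData; PowerShell 7 on
# Windows already has it loaded.
if (-not ('System.Security.Cryptography.ProtectedData' -as [type])) {
    Add-Type -AssemblyName System.Security
}

# --- Weak: static key and IV live in the product ---------------------------
# Anyone who can read the assembly can read these, so the ciphertext in the
# config file is exactly as secret as the DLL, which is to say not at all.
$StaticKey = [byte[]](0..31)   # 256-bit key, constructed stand-in for the embedded constant
$StaticIV  = [byte[]](0..15)   # fixed IV, constructed

function Protect-WithStaticKey {
    param([Parameter(Mandatory)][string]$Plaintext)
    $aes = [System.Security.Cryptography.Aes]::Create()   # CBC + PKCS7 by default
    try {
        $aes.Key = $StaticKey
        $aes.IV  = $StaticIV
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($Plaintext)
        $ct = $aes.CreateEncryptor().TransformFinalBlock($bytes, 0, $bytes.Length)
        [Convert]::ToBase64String($ct)
    } finally { $aes.Dispose() }
}

function Unprotect-WithStaticKey {
    # The attacker's step: the same constants, lifted from the DLL, applied to the
    # blob copied out of the config file. Needs only read access to both files.
    param([Parameter(Mandatory)][string]$CiphertextB64)
    $aes = [System.Security.Cryptography.Aes]::Create()
    try {
        $aes.Key = $StaticKey
        $aes.IV  = $StaticIV
        $ct = [Convert]::FromBase64String($CiphertextB64)
        $pt = $aes.CreateDecryptor().TransformFinalBlock($ct, 0, $ct.Length)
        [System.Text.Encoding]::UTF8.GetString($pt)
    } finally { $aes.Dispose() }
}

# --- Hardened: DPAPI, key held by the OS ----------------------------------
# LocalMachine scope: only code on this host can decrypt, so a copied config file
# is useless off-box. It does NOT stop another user on the same host, so pair it
# with an ACL on the file, or use CurrentUser scope while running as the service
# account so only that account can decrypt.
function Protect-WithDpapi {
    param([Parameter(Mandatory)][string]$Plaintext)
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($Plaintext)
    $ct = [System.Security.Cryptography.ProtectedData]::Protect(
        $bytes, $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine)
    [Convert]::ToBase64String($ct)
}

function Unprotect-WithDpapi {
    param([Parameter(Mandatory)][string]$CiphertextB64)
    $ct = [Convert]::FromBase64String($CiphertextB64)
    $pt = [System.Security.Cryptography.ProtectedData]::Unprotect(
        $ct, $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine)
    [System.Text.Encoding]::UTF8.GetString($pt)
}

# Demo with a constructed sample password (not a real credential).
$secret = 'Svc-Passw0rd!'
$weak   = Protect-WithStaticKey -Plaintext $secret
$strong = Protect-WithDpapi     -Plaintext $secret
"static-key blob : $weak"
"recovered       : $(Unprotect-WithStaticKey -CiphertextB64 $weak)"   # anyone with the DLL can do this
"dpapi blob      : $strong"
"recovered       : $(Unprotect-WithDpapi -CiphertextB64 $strong)"     # only on this host
```

The point of the side-by-side is that the weak path has no secret input at all once the binary is public; the DPAPI path moves the key out of the product and into a store the OS guards, which is the fix class the vendor's 2026 R1 release would need to fall into for the finding to be closed.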
How can this vulnerability impact me?
A local attacker who can read Veramark.Framework.dll and C:\VeraSMART Data\app.settings recovers the service account password without first needing any elevated privilege.
That credential lets the attacker authenticate to the Windows host as the service account and do whatever the account is permitted to do.
The impact therefore scales with the account's privileges: a service account in the local Administrators group (or running with equivalent rights) yields full local privilege escalation, while a tightly scoped account limits the attacker to that account's resources.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection is primarily a version and inventory check: confirm whether the host runs Calero VeraSMART prior to 2026 R1 and carries the Veramark.Framework.dll module, and whether C:\VeraSMART Data\app.settings is present and holds the encrypted service account password. You do not need to extract the keys yourself to establish exposure; the advisory already tells you they are the same static values in every affected installation.
Suggested checks:
- Locate Veramark.Framework.dll, record its file and product version, and take a SHA-256 hash so the build can be compared against the vendor's fixed release.
- Use PowerShell to verify that C:\VeraSMART Data\app.settings exists and review its ACL: a read entry for a broad identity such as BUILTIN\Users or Everyone means any local user can copy the ciphertext.
- If you must confirm the hardcoded key rather than rely on the version, open the Veramark.Core.Config class in the assembly with a .NET decompiler (the namespace-qualified class name points to a managed assembly). Tools such as strings or binwalk only surface a key stored as a text literal (for example Base64) and will not recognise a raw byte array as key material. [1]
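An added PowerShell inventory function that performs the checks above on one host; it is not vendor tooling. Only the path C:\VeraSMART Data\app.settings and the module name come from the advisory. The search roots, the mapping of "2026 R1" onto a file version, and the read-rights test are assumptions and are marked as such in the code.

```powershell
# Added example, not vendor tooling. Reports where Veramark.Framework.dll sits,
# its version and hash, and whether app.settings exists and who can read it.
function Test-VeraSmartExposure {
    [CmdletBinding()]
    param(
        # Assumed install locations; only the settings path comes from the advisory.
        [string[]]$SearchRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, 'C:\VeraSMART Data'),
        [string]$SettingsPath = 'C:\VeraSMART Data\app.settings'
    )

    $roots = $SearchRoots | Where-Object { $_ -and (Test-Path -LiteralPath $_) }
    $dlls  = foreach ($root in $roots) {
        Get-ChildItem -LiteralPath $root -Recurse -File -Filter 'Veramark.Framework.dll' -ErrorAction SilentlyContinue
    }

    $modules = foreach ($dll in $dlls) {
        $vi = $dll.VersionInfo
        # Advisory ranges: every release before 2026.0, and 2026.0 itself, is affected;
        # 2026 R1 carries the fix. How "R1" shows up in the file version is an
        # assumption, so treat this flag as "review", not as a verdict.
        $affected = $null
        $v = $vi.FileVersion -as [version]
        if ($v) { $affected = ($v.Major -lt 2026) -or ($v.Major -eq 2026 -and $v.Minor -eq 0) }
        [pscustomobject]@{
            Path           = $dll.FullName
            FileVersion    = $vi.FileVersion
            ProductVersion = $vi.ProductVersion
            SHA256         = (Get-FileHash -LiteralPath $dll.FullName -Algorithm SHA256).Hash
            LikelyAffected = $affected
        }
    }

    $settings = [pscustomobject]@{ Path = $SettingsPath; Exists = $false; SizeBytes = $null; Readers = @() }
    if (Test-Path -LiteralPath $SettingsPath) {
        $settings.Exists    = $true
        $settings.SizeBytes = (Get-Item -LiteralPath $SettingsPath).Length
        # Allow entries that carry the ReadData bit (approximate: generic-right ACEs are
        # not decoded). A broad identity here means any local user can copy the blob.
        $readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData
        $settings.Readers = @(
            (Get-Acl -LiteralPath $SettingsPath).Access |
                Where-Object { $_.AccessControlType -eq 'Allow' -and (([int]$_.FileSystemRights -band $readData) -ne 0) } |
                ForEach-Object { $_.IdentityReference.Value }
        )
    }

    [pscustomobject]@{
        Host     = $env:COMPUTERNAME
        Modules  = $modules
        Settings = $settings
        # Exposed when a likely-affected module is present and the file is readable by
        # anyone other than SYSTEM and local Administrators.
        Exposed  = [bool]( ($modules | Where-Object LikelyAffected) -and $settings.Exists -and
                           ($settings.Readers | Where-Object { $_ -notin 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators' }) )
    }
}

Test-VeraSmartExposure | Format-List
```

Run it elevated so Get-Acl and Get-ChildItem can reach the install directories; the Modules list doubles as the hash record to compare against the fixed build once it is deployed.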
What immediate steps should I take to mitigate this vulnerability?
Upgrade Calero VeraSMART to 2026 R1 or later, the release in which the hardcoded keys are addressed; that is the only change that removes the weakness itself.
Until the upgrade is done, limit local logon on affected hosts to trusted administrators and tighten the NTFS permissions on C:\VeraSMART Data\app.settings so that only SYSTEM, local Administrators and the VeraSMART service account can read it. The DLL carrying the keys remains readable, so this protects the ciphertext, not the key.
Rotating the service account password is worthwhile if the current one may already have been read, but on an unpatched system the new password is encrypted under the same static keys, so rotation only helps together with the file permissions above. Also review the service account's group memberships and rights and strip anything the application does not need, so that a recovered credential buys as little as possible.
Monitor for the service account authenticating in ways it normally does not, for example interactive or network logons (Windows Security event 4624) from an account that should only ever perform service logons, and, where file auditing is enabled, for reads of app.settings by ordinary user accounts.
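The permission tightening described above, as an added PowerShell example rather than vendor guidance. The service account name is an assumption and must be supplied; if the application rewrites app.settings at runtime, grant it Modify instead of Read. This protects only the ciphertext: the key in the DLL is unchanged, so the upgrade remains the fix.

```powershell
# Added example, not vendor guidance. Replaces the DACL on app.settings with an
# explicit one: SYSTEM and local Administrators keep full control, the service
# account keeps read, everyone else loses access. Run elevated.
function Restrict-VeraSmartSettingsAcl {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)][string]$ServiceAccount,   # e.g. 'CONTOSO\svc-verasmart' (assumed name)
        [string]$Path = 'C:\VeraSMART Data\app.settings'
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "Not found: $Path" }

    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting from the parent folder (the usual source of a BUILTIN\Users read
    # entry) and discard the inherited ACEs instead of copying them as explicit ones.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop whatever explicit ACEs remain so the result is exactly the rules below.
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }

    $allow = [System.Security.AccessControl.AccessControlType]::Allow
    $full  = [System.Security.AccessControl.FileSystemRights]::FullControl
    $read  = [System.Security.AccessControl.FileSystemRights]::Read
    foreach ($spec in @(
        @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = $full },
        @{ Id = 'BUILTIN\Administrators'; Rights = $full },
        @{ Id = $ServiceAccount;          Rights = $read }   # least privilege: the service only needs to read it
    )) {
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($spec.Id, $spec.Rights, $allow)))
    }

    if ($PSCmdlet.ShouldProcess($Path, 'Replace DACL')) {
        Set-Acl -LiteralPath $Path -AclObject $acl
        $acl = Get-Acl -LiteralPath $Path   # re-read what is actually on disk
    }
    # With -WhatIf this is the proposed DACL; otherwise the one now applied.
    $acl.Access | Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

# Preview first, then apply:
# Restrict-VeraSmartSettingsAcl -ServiceAccount 'CONTOSO\svc-verasmart' -WhatIf
# Restrict-VeraSmartSettingsAcl -ServiceAccount 'CONTOSO\svc-verasmart'
```

Because inheritance is disabled on the file, later changes to the permissions of C:\VeraSMART Data will no longer propagate to app.settings; re-run the function after any upgrade that rewrites the file, and confirm the service still starts under the tightened ACL.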