CVE-2026-4761
Received Received - Intake

Excessive Private Key Permissions in Panorama Suite

Vulnerability report for CVE-2026-4761, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-25

Last updated on: 2026-04-01

Assigner: 30aa36b7-a224-4bc9-b7d3-abea20aa4887

Description

When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group. * Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable Please refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-25
Last Modified
2026-04-01
Generated
2026-07-06
AI Q&A
2026-03-25
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
codra panorama_com 25.00.004
codra panorama_e2 25.00.004
codra panorama_h2 25.00.004
codra panorama_collaborative_operation_&_execution 25.00.004

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

This vulnerability involves unnecessary granting of access rights to the private key of a certificate to the operator group when installed in the Windows machine certificate store using the Network and Security tool.

Such improper access control to private keys could potentially lead to unauthorized access or misuse of sensitive cryptographic material, which may impact compliance with standards and regulations that require strict protection of sensitive data and cryptographic keys, such as GDPR and HIPAA.

However, the provided information does not explicitly state the direct impact on compliance with these standards.

Detection Guidance

This vulnerability occurs when a certificate and its private key are installed in the Windows machine certificate store using the Network and Security tool, and access rights to the private key are unnecessarily granted to the operator group.

To detect this vulnerability on your system, you should check the access permissions of private keys in the Windows certificate store, specifically looking for permissions granted to the operator group.

Since the vulnerability is related to Panorama Suite 2025 versions prior to update PS-2500-00-0357, verifying the installed Panorama Suite version and patch level is also important.

No specific commands are provided in the available context or resources. However, typical Windows commands to inspect certificate private key permissions include using PowerShell cmdlets such as Get-Acl on the private key files or using certutil to examine certificate stores.

Executive Summary

This vulnerability occurs when a certificate and its private key are installed in the Windows machine certificate store using the Network and Security tool. In this process, access rights to the private key are unnecessarily granted to the operator group.

Specifically, installations based on Panorama Suite 2025 (version 25.00.004) are vulnerable unless they have been updated with PS-2500-00-0357 or a higher update. Installations based on Panorama Suite 2025 Updated Dec. 25 (version 25.10.007) are not vulnerable.

Impact Analysis

Because access rights to the private key are unnecessarily granted to the operator group, unauthorized users within that group could potentially access sensitive private key material. This could lead to unauthorized use of the certificate's private key, compromising the security of encrypted communications or authentication mechanisms relying on that key.

Mitigation Strategies

To mitigate this vulnerability, ensure that your Panorama Suite 2025 installation is updated to version PS-2500-00-0357 or higher.

Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable.

Refer to the security bulletin BS-036 available on the Panorama CSIRT website for more details and guidance.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4761. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart