CVE-2026-4761
Excessive Private Key Permissions in Panorama Suite
Publication date: 2026-03-25
Last updated on: 2026-04-01
Assigner: 30aa36b7-a224-4bc9-b7d3-abea20aa4887
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| codra | panorama_com | 25.00.004 |
| codra | panorama_e2 | 25.00.004 |
| codra | panorama_h2 | 25.00.004 |
| codra | panorama_collaborative_operation_&_execution | 25.00.004 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability involves unnecessary granting of access rights to the private key of a certificate to the operator group when installed in the Windows machine certificate store using the Network and Security tool.
Such improper access control to private keys could potentially lead to unauthorized access or misuse of sensitive cryptographic material, which may impact compliance with standards and regulations that require strict protection of sensitive data and cryptographic keys, such as GDPR and HIPAA.
However, the provided information does not explicitly state the direct impact on compliance with these standards.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability occurs when a certificate and its private key are installed in the Windows machine certificate store using the Network and Security tool, and access rights to the private key are unnecessarily granted to the operator group.
To detect this vulnerability on your system, you should check the access permissions of private keys in the Windows certificate store, specifically looking for permissions granted to the operator group.
Since the vulnerability is related to Panorama Suite 2025 versions prior to update PS-2500-00-0357, verifying the installed Panorama Suite version and patch level is also important.
No specific commands are provided in the available context or resources. However, typical Windows commands to inspect certificate private key permissions include using PowerShell cmdlets such as Get-Acl on the private key files or using certutil to examine certificate stores.
Can you explain this vulnerability to me?
This vulnerability occurs when a certificate and its private key are installed in the Windows machine certificate store using the Network and Security tool. In this process, access rights to the private key are unnecessarily granted to the operator group.
Specifically, installations based on Panorama Suite 2025 (version 25.00.004) are vulnerable unless they have been updated with PS-2500-00-0357 or a higher update. Installations based on Panorama Suite 2025 Updated Dec. 25 (version 25.10.007) are not vulnerable.
How can this vulnerability impact me? :
Because access rights to the private key are unnecessarily granted to the operator group, unauthorized users within that group could potentially access sensitive private key material. This could lead to unauthorized use of the certificate's private key, compromising the security of encrypted communications or authentication mechanisms relying on that key.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that your Panorama Suite 2025 installation is updated to version PS-2500-00-0357 or higher.
Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable.
Refer to the security bulletin BS-036 available on the Panorama CSIRT website for more details and guidance.