Executive Summary

CVE-2026-4822 is a vulnerability in Enter Software Iperius Backup bis version 8.7.3 that involves insecure handling of backup job configuration files (.ibj) stored in the directory C:\ProgramData\IperiusBackup\Jobs\.

Low-privileged users can manipulate these plain-text configuration files by copying and modifying them. When the application restarts, it automatically loads all .ibj files, including any altered or duplicated ones.

By exploiting this, an attacker with local access can run backup jobs with elevated SYSTEM-level privileges by selecting the option "Run Backup as Service (LocalSystem / admin)", effectively bypassing User Account Control (UAC) and gaining unauthorized access to protected files.

This vulnerability arises due to lack of integrity validation and authorization checks on the configuration files, combined with insufficient privilege separation between the user context and the backup service running under the NT AUTHORITY\SYSTEM account.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow a low-privileged local user to escalate their privileges to SYSTEM level by manipulating backup job configuration files.

As a result, the attacker can access, read, and potentially exfiltrate sensitive files from protected directories that they normally would not have permission to access.

This can lead to unauthorized data disclosure, compromise of system integrity, and further exploitation such as lateral movement within the network or credential harvesting.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves insecure permissions on temporary files created in the directory C:\ProgramData\IperiusBackup\Jobs\ and manipulation of .ibj backup job configuration files by low-privileged users.

To detect this vulnerability on your system, you can check for the presence of .ibj files in the specified directory and verify their permissions to see if low-privileged users have write or modify access.

Suggested commands on a Windows system to detect insecure permissions and suspicious files include:

• Use PowerShell to list files and their permissions in the Jobs directory: Get-ChildItem -Path 'C:\ProgramData\IperiusBackup\Jobs\' | ForEach-Object { $_.FullName; Get-Acl $_.FullName | Format-List }
• Check for recently modified or duplicated .ibj files that could indicate manipulation: Get-ChildItem -Path 'C:\ProgramData\IperiusBackup\Jobs\' -Filter '*.ibj' | Sort-Object LastWriteTime -Descending
• Audit user actions or file creation in this directory using Windows Event Logs or file system auditing to detect unauthorized changes.

Since the exploit requires local access and manipulation of configuration files, monitoring for unexpected backup jobs or service executions running with elevated privileges may also help detect exploitation attempts.

Useful 0 Not Useful 0

Mitigation Strategies

The primary and recommended mitigation step is to upgrade Iperius Backup to version 8.7.4 or later, as this version addresses the vulnerability.

Additional immediate steps include:

• Restrict permissions on the directory C:\ProgramData\IperiusBackup\Jobs\ to prevent low-privileged users from creating, modifying, or duplicating .ibj configuration files.
• Audit and monitor the backup service execution, especially jobs run with elevated privileges, to detect suspicious activity.
• Limit local access to trusted users only, since the attack requires local access and a high degree of complexity.

Contact the vendor or consult official resources for any additional patches or configuration recommendations.

Useful 0 Not Useful 0

Compliance Impact

CVE-2026-4822 allows low-privileged users to escalate privileges and access arbitrary files by exploiting insecure permissions and handling of backup job configuration files in Iperius Backup. This can lead to unauthorized disclosure of sensitive data, including files owned by administrators or protected system files.

Such unauthorized access and potential data exfiltration pose significant risks to compliance with data protection regulations and standards like GDPR and HIPAA, which require strict controls over access to personal and sensitive information to prevent data breaches.

Because the vulnerability enables privilege escalation and bypasses access controls, organizations using affected versions of Iperius Backup may face challenges in maintaining compliance with these regulations unless they promptly upgrade to the fixed version (8.7.4) and implement appropriate security measures.

Useful 0 Not Useful 0