CVE-2026-4822
Insecure Temporary File Permissions in Iperius Backup
Publication date: 2026-03-25
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| enter_software | iperius_backup | to 8.7.3 (inc) |
| enter_software | iperius_backup | From 8.7.4 (inc) |
| enter_software | iperius_backup | to 8.7.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-378 | Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack. |
| CWE-377 | Creating and using insecure temporary files can leave application and system data vulnerable to attack. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
CVE-2026-4822 allows low-privileged users to escalate privileges and access arbitrary files by exploiting insecure permissions and handling of backup job configuration files in Iperius Backup. This can lead to unauthorized disclosure of sensitive data, including files owned by administrators or protected system files.
Such unauthorized access and potential data exfiltration pose significant risks to compliance with data protection regulations and standards like GDPR and HIPAA, which require strict controls over access to personal and sensitive information to prevent data breaches.
Because the vulnerability enables privilege escalation and bypasses access controls, organizations using affected versions of Iperius Backup may face challenges in maintaining compliance with these regulations unless they promptly upgrade to the fixed version (8.7.4) and implement appropriate security measures.
Can you explain this vulnerability to me?
CVE-2026-4822 is a vulnerability in Enter Software Iperius Backup bis version 8.7.3 that involves insecure handling of backup job configuration files (.ibj) stored in the directory C:\ProgramData\IperiusBackup\Jobs\.
Low-privileged users can manipulate these plain-text configuration files by copying and modifying them. When the application restarts, it automatically loads all .ibj files, including any altered or duplicated ones.
By exploiting this, an attacker with local access can run backup jobs with elevated SYSTEM-level privileges by selecting the option "Run Backup as Service (LocalSystem / admin)", effectively bypassing User Account Control (UAC) and gaining unauthorized access to protected files.
This vulnerability arises due to lack of integrity validation and authorization checks on the configuration files, combined with insufficient privilege separation between the user context and the backup service running under the NT AUTHORITY\SYSTEM account.
How can this vulnerability impact me? :
This vulnerability can allow a low-privileged local user to escalate their privileges to SYSTEM level by manipulating backup job configuration files.
As a result, the attacker can access, read, and potentially exfiltrate sensitive files from protected directories that they normally would not have permission to access.
This can lead to unauthorized data disclosure, compromise of system integrity, and further exploitation such as lateral movement within the network or credential harvesting.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves insecure permissions on temporary files created in the directory C:\ProgramData\IperiusBackup\Jobs\ and manipulation of .ibj backup job configuration files by low-privileged users.
To detect this vulnerability on your system, you can check for the presence of .ibj files in the specified directory and verify their permissions to see if low-privileged users have write or modify access.
Suggested commands on a Windows system to detect insecure permissions and suspicious files include:
- Use PowerShell to list files and their permissions in the Jobs directory: Get-ChildItem -Path 'C:\ProgramData\IperiusBackup\Jobs\' | ForEach-Object { $_.FullName; Get-Acl $_.FullName | Format-List }
- Check for recently modified or duplicated .ibj files that could indicate manipulation: Get-ChildItem -Path 'C:\ProgramData\IperiusBackup\Jobs\' -Filter '*.ibj' | Sort-Object LastWriteTime -Descending
- Audit user actions or file creation in this directory using Windows Event Logs or file system auditing to detect unauthorized changes.
Since the exploit requires local access and manipulation of configuration files, monitoring for unexpected backup jobs or service executions running with elevated privileges may also help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
The primary and recommended mitigation step is to upgrade Iperius Backup to version 8.7.4 or later, as this version addresses the vulnerability.
Additional immediate steps include:
- Restrict permissions on the directory C:\ProgramData\IperiusBackup\Jobs\ to prevent low-privileged users from creating, modifying, or duplicating .ibj configuration files.
- Audit and monitor the backup service execution, especially jobs run with elevated privileges, to detect suspicious activity.
- Limit local access to trusted users only, since the attack requires local access and a high degree of complexity.
Contact the vendor or consult official resources for any additional patches or configuration recommendations.