CVE-2026-4760

Name: CVE-2026-4760
Creator: NVD / NIST
Published: 2026-03-25T13:16:27.99+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.7/10EPSS 0.34%

Last modified Jun 17, 2026

This CVE is reserved or awaiting analysis. Details will appear once published by NVD.

Description

From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. * Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed * Installations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078 (or higher) are installed * Installations based on Panorama Suite 2025 (25.00.016) are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher) are installed Please refer to security bulletin BS-035, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt .

Metrics

CVSS 4.0

7.7/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red

EPSS Probability

0.34%

26.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-552

References

https://my.codra.net/api/csirt/download?resourceId=1467&fileType=FichierPDF

Timeline

Published: Mar 25, 2026
Last Modified: Jun 17, 2026
Status: Awaiting Analysis

Are you affected by CVE-2026-4760?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST