CVE-2026-4760

Published: Mar 25, 2026 Last Modified: Mar 25, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,7

Source: 30aa36b7-a224-4bc9-b7d3-abea20aa4887

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

From
Panorama Web HMI, an attacker can gain read access to certain Web HMI server
files, if he knows their paths and if these files are accessible to the Servin
process execution account.

* Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed
* Installations based on Panorama Suite 2023 (23.00.004) are vulnerable
unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher)
and PS-2300-82-3078

(or higher)

are installed
* Installations based on Panorama Suite 2025 (25.00.016)

are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed
* Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007)

are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher)

are installed

Please refer to security bulletin BS-035, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt .

552

Files or Directories Accessible to External Parties

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity

Potential Impacts:

Read Files Or Directories Modify Files Or Directories

Applicable Platforms

Technologies: Not Technology-Specific, Cloud Computing

View CWE Details

https://my.codra.net/api/csirt/download?resourceId=1467&fil…

https://my.codra.net/api/csirt/download?resourceId=1467&fileType=FichierPDF

CVE-2026-4760

Description

Files or Directories Accessible to External Parties

Common Consequences

Applicable Platforms

Iscriviti alla newsletter