High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2026-22676
High
Low
Medium
High
Critical
7.8
CVSS Score
Vulnerability Description
Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place attacker-controlled files in this directory, which are then executed under the NT AUTHORITY\SYSTEM account during routine automation cycles, typically succeeding within the next execution cycle.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
L
Attack Complexity
L
Privileges Required
L
User Interaction
N
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Severity Details
7.8
out of 10.0
High
Weakness Type (CWE)
CWE-732
Incorrect Permission Assignment for Critical Resource
- Description
- The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- April 15, 2026
