High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2026-4761
HighVulnerability Description
When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group.
* Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed
* Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable
Please refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Known Affected Software
4 configuration(s) from 1 vendor(s)
cpe:2.3:a:codra:panorama_h2:25.00.004:*:*:*:*:*:*:*
cpe:2.3:a:codra:panorama_com:25.00.004:*:*:*:*:*:*:*
cpe:2.3:a:codra:panorama_e2:25.00.004:*:*:*:*:*:*:*
cpe:2.3:a:codra:panorama_collaborative_operation_\&_execution:25.00.004:*:*:*:*:*:*:*
Severity Details
Weakness Type (CWE)
Incorrect Permission Assignment for Critical Resource
- Description
- The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- March 25, 2026
