Potential unauthorized access to files on the Web HMI server...

7.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Red

Description

From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account.
* Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed
* Installations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078 (or higher) are installed
* Installations based on Panorama Suite 2025 (25.00.016) are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed
* Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher) are installed

Please refer to security bulletin BS-035, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt .

Basic Information

ID CVE-2026-4760

Source CODRA

Published Mar 25, 2026 at 12:29

Modified Mar 26, 2026 at 08:53

Affected Product

Vendor CODRA

Product Panorama Suite

Version Panorama Suite 2022-SP1

Affected Versions CODRA Panorama Suite Panorama Suite 2022-SP1
CODRA Panorama Suite Panorama Suite 2023
CODRA Panorama Suite Panorama Suite 2025
CODRA Panorama Suite Panorama Suite 2025 Updated Dec. 25

CWE Classification

CWE-552

References

my.codra.net /api/csirt/download

{
    "lastseen": "",
    "description": "From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account.\n  *  Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed\n  *  Installations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078 (or higher) are installed\n  *  Installations based on Panorama Suite 2025 (25.00.016) are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed \n  *  Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher) are installed \n\n\nPlease refer to security bulletin BS-035, available on the Panorama CSIRT website:  https://my.codra.net/en-gb/csirt .",
    "published": "2026-03-25T12:29:13.631Z",
    "modified": "2026-03-26T08:53:11.120Z",
    "type": "cve",
    "title": "Potential unauthorized access to files on the Web HMI server host",
    "source": "CODRA",
    "references": "https://my.codra.net/api/csirt/download?resourceId=1467&fileType=FichierPDF",
    "id": "CVE-2026-4760",
    "bulletinFamily": "",
    "cwe": [
        "CWE-552"
    ],
    "cvelist": null,
    "sourceData": "CODRA Panorama Suite Panorama Suite 2022-SP1\nCODRA Panorama Suite Panorama Suite 2023\nCODRA Panorama Suite Panorama Suite 2025\nCODRA Panorama Suite Panorama Suite 2025 Updated Dec. 25",
    "sourceHref": "",
    "cvss": {
        "score": 7.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Red",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Panorama Suite",
    "version": "Panorama Suite 2022-SP1",
    "vendor": "CODRA",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Potential unauthorized access to files on the Web HMI server host_CVE-2026-4760