CVE-2026-26334
HIGHCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Description
Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll (Veramark.Core.Config class). These keys are used to encrypt the password of the service account stored in C:\\VeraSMART Data\\app.settings. An attacker with local access to the system can extract the hardcoded keys from the Veramark.Framework.dll module and decrypt the stored credentials. The recovered credentials can then be used to authenticate to the Windows host, potentially resulting in local privilege escalation depending on the privileges of the configured service account.
Analysis
Local privilege escalation in Calero VeraSMART versions before 2026 R1 stems from hardcoded AES encryption keys embedded in Veramark.Framework.dll that protect service account credentials stored in app.settings. An attacker with local system access can extract these static keys, decrypt the stored passwords, and use the recovered credentials to authenticate as the service account, potentially gaining elevated privileges depending on that account's permissions. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all VeraSMART deployments and identify systems running versions prior to 2026 R1. Within 7 days: Implement network segmentation to restrict access to VeraSMART servers and rotate all service account credentials used by VeraSMART. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today