CVE-2026-4760

| EUVD-2026-15402 HIGH
2026-03-25 CODRA GHSA-46v5-gpch-77vw
7.7
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Mar 25, 2026 - 12:45 vuln.today
EUVD ID Assigned
Mar 25, 2026 - 12:45 euvd
EUVD-2026-15402
CVE Published
Mar 25, 2026 - 12:29 nvd
HIGH 7.7

Tags

Information Disclosure Path Traversal

Description

From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. * Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed * Installations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078 (or higher) are installed * Installations based on Panorama Suite 2025 (25.00.016) are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed  * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher) are installed Please refer to security bulletin BS-035, available on the Panorama CSIRT website:  https://my.codra.net/en-gb/csirt .

Analysis

Panorama Web HMI contains a path traversal vulnerability (CWE-552) that allows unauthenticated remote attackers to read arbitrary server files if their paths are known and accessible to the service account. The vulnerability affects Panorama Suite versions 2022-SP1, 2023, and 2025 installations, requiring specific security updates to remediate. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Inventory all CODRA Panorama deployments, document affected versions, and restrict network access to the HMI interface to trusted networks only. Within 7 days: implement WAF rules to block path traversal patterns (../, ..\, percent-encoded variants), conduct file access logging to detect exploitation attempts, and establish monitoring for suspicious requests. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +38
POC: 0

Share

CVE-2026-4760 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy