Skip to main content

Iperius Backup CVE-2026-4823

| EUVD-2026-16005 LOW
Information Exposure (CWE-200)
2026-03-25 VulDB GHSA-qj4q-79hc-9854
Information Disclosure Iperius Backup
1.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.1 LOW
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
CVSS changed
Apr 29, 2026 - 01:11 NVD
2.0 (LOW) 1.1 (LOW)
PoC Detected
Mar 30, 2026 - 13:26 vuln.today
Public exploit code
EUVD ID Assigned
Mar 25, 2026 - 22:02 euvd
EUVD-2026-16005
Analysis Generated
Mar 25, 2026 - 22:02 vuln.today
Patch released
Mar 25, 2026 - 22:02 nvd
Patch available
CVE Published
Mar 25, 2026 - 21:44 nvd
LOW 2.0

DescriptionCVE.org

A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to information disclosure. The attack is restricted to local execution. Attacks of this nature are highly complex. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 8.7.4 addresses this issue. Upgrading the affected component is advised. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

AnalysisAI

A local information disclosure vulnerability exists in Enter Software Iperius Backup versions up to 8.7.3 within the NTLM2 Handler component, allowing authenticated local users to extract sensitive information through a complex manipulation attack. The vulnerability carries a CVSS score of 2.5 with low exploitability due to high attack complexity requirements, though a proof-of-concept has been publicly disclosed on GitHub. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment This vulnerability presents minimal real-world risk despite being publicly disclosed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated local user with limited privileges (non-administrator) on a system running Iperius Backup 8.7.3 manipulates the NTLM2 authentication handler—potentially through crafted backup job configurations or direct interaction with backup processes—to trigger credential exposure or NTLM relay scenarios. By exploiting the high-complexity attack path, the attacker extracts cached or in-transit NTLM credentials or session tokens, gaining visibility into backup authentication material. …
Remediation Immediately upgrade Enter Software Iperius Backup to version 8.7.4 or later, which contains the vendor's fix for the NTLM2 Handler information disclosure flaw. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

During next maintenance window: Apply vendor patches when convenient. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-4823 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy