Skip to main content

Iperius Backup CVE-2026-4824

| EUVDEUVD-2026-16006 MEDIUM
Improper Privilege Management (CWE-269)
2026-03-25 VulDB GHSA-r7j5-cv7f-qr4c
6.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.4 MEDIUM
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

8
Severity Changed
Apr 29, 2026 - 01:11 NVD
HIGH MEDIUM
CVSS changed
Apr 29, 2026 - 01:11 NVD
7.3 (HIGH) 6.4 (MEDIUM)
Re-analysis Queued
Apr 24, 2026 - 16:37 vuln.today
cvss_changed
PoC Detected
Mar 30, 2026 - 13:26 vuln.today
Public exploit code
EUVD ID Assigned
Mar 25, 2026 - 22:02 euvd
EUVD-2026-16006
Analysis Generated
Mar 25, 2026 - 22:02 vuln.today
Patch released
Mar 25, 2026 - 22:02 nvd
Patch available
CVE Published
Mar 25, 2026 - 21:44 nvd
HIGH 7.3

DescriptionCVE.org

A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulation leads to improper privilege management. The attack must be carried out locally. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 8.7.4 can resolve this issue. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

AnalysisAI

Improper privilege management in Iperius Backup through version 8.7.3 allows local authenticated attackers to escalate privileges via manipulation of the Backup Job Configuration File Handler, with public exploit code available. The vulnerability requires local access and high attack complexity but grants full confidentiality and integrity impacts to affected systems. Upgrade to version 8.7.4 or later to remediate.

Technical ContextAI

This vulnerability affects Enter Software Iperius Backup (CPE: cpe:2.3:a:enter_software:iperius_backup:*:*:*:*:*:*:*:*) and is classified as CWE-269 (Improper Privilege Management). The flaw resides in the Backup Job Configuration File Handler component, which appears to handle configuration files for backup jobs without properly validating or restricting privilege levels. This class of vulnerability typically occurs when an application fails to properly drop elevated privileges, incorrectly assigns permissions, or allows unauthorized privilege escalation through manipulation of configuration data or file handlers that run with elevated system privileges.

RemediationAI

Upgrade Iperius Backup to version 8.7.4 or later immediately to resolve this vulnerability, as confirmed by the vendor and available at https://www.iperiusbackup.com/download-software-backup.aspx. The vendor responded professionally and released the patch quickly after notification. Until patching is completed, organizations should implement compensating controls including restricting local access to systems running Iperius Backup to only trusted administrators, monitoring backup job configuration file modifications for unauthorized changes, and applying principle of least privilege to limit potential attackers who might have the low-level access required. Review audit logs for any suspicious privilege escalation attempts or unauthorized backup job configuration modifications that may indicate exploitation attempts.

Share

CVE-2026-4824 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy