PT-2026-27761 · Codra · Panorama Suite
Published
2026-03-25
·
Updated
2026-03-25
·
CVE-2026-4760
CVSS v4.0
7.7
High
| AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Red |
From
Panorama Web HMI, an attacker can gain read access to certain Web HMI server
files, if he knows their paths and if these files are accessible to the Servin
process execution account.
- Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed
- Installations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078
(or higher)
are installed
- Installations based on Panorama Suite 2025 (25.00.016)
are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed
- Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007)
are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher)
are installed
Please refer to security bulletin BS-035, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt .
Fix
Files Accessible to External Parties
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Panorama Suite