Home

Description

From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. * Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed * Installations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078 (or higher) are installed * Installations based on Panorama Suite 2025 (25.00.016) are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher) are installed Please refer to security bulletin BS-035, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt .

PUBLISHED Reserved 2026-03-24 | Published 2026-03-25 | Updated 2026-03-26 | Assigner CODRA




HIGH: 7.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Red

Problem types

CWE-552 Files or directories accessible to external parties

Product status

Default status
unaffected

Panorama Suite 2022-SP1 (custom) before update PS-2210-02-4079
affected

Panorama Suite 2023 (custom) before update PS-2300-03-3078 AND PS-2300-04-3078 AND PS-2300-82-3078
affected

Panorama Suite 2025 (custom) before update PS-2500-02-1078 AND PS-2500-04-1078
affected

Panorama Suite 2025 Updated Dec. 25 (custom) before update PS-2510-02-1077 AND PS-2510-04-1077
affected

References

my.codra.net/...download?resourceId=1467&fileType=FichierPDF

cve.org (CVE-2026-4760)

nvd.nist.gov (CVE-2026-4760)

Download JSON