{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-27T07:15:09.566","vulnerabilities":[{"cve":{"id":"CVE-2026-4761","sourceIdentifier":"30aa36b7-a224-4bc9-b7d3-abea20aa4887","published":"2026-03-25T13:16:28.310","lastModified":"2026-06-17T10:57:11.340","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group.\n  *  Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed\n  *  Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable\n\n\nPlease refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt."},{"lang":"es","value":"Cuando se instala un certificado y su clave privada en el almacén de certificados de la máquina Windows utilizando la herramienta de Red y Seguridad, se conceden innecesariamente derechos de acceso a la clave privada al grupo de operadores.\n\n*   Las instalaciones basadas en Panorama Suite 2025 (25.00.004) son vulnerables a menos que se instale la actualización PS-2500-00-0357 (o superior).\n*   Las instalaciones basadas en Panorama Suite 2025 Actualizado 25 Dic. (25.10.007) no son vulnerables.\n\nConsulte el boletín de seguridad BS-036, disponible en el sitio web del CSIRT de Panorama: https://my.codra.net/en-gb/csirt."}],"affected":[{"source":"30aa36b7-a224-4bc9-b7d3-abea20aa4887","affectedData":[{"vendor":"CODRA","product":"Panorama Suite","defaultStatus":"unaffected","modules":["Network and Security Tool"],"platforms":["Windows"],"versions":[{"version":"Panorama Suite 2025","lessThan":"update PS-2500-00-0357","versionType":"custom","status":"affected"},{"version":"Panorama Suite 2025 Updated Dec. 25","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"30aa36b7-a224-4bc9-b7d3-abea20aa4887","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-25T13:06:35.347666Z","id":"CVE-2026-4761","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"30aa36b7-a224-4bc9-b7d3-abea20aa4887","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:codra:panorama_collaborative_operation_\\&_execution:25.00.004:*:*:*:*:*:*:*","matchCriteriaId":"D2E17453-9392-40F1-94B9-B43725C91AE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:codra:panorama_com:25.00.004:*:*:*:*:*:*:*","matchCriteriaId":"0E7ADB78-2574-4CE8-A39C-A67F6DCE4EED"},{"vulnerable":true,"criteria":"cpe:2.3:a:codra:panorama_e2:25.00.004:*:*:*:*:*:*:*","matchCriteriaId":"6B992EF9-A765-45DB-AD47-16300D7F3B80"},{"vulnerable":true,"criteria":"cpe:2.3:a:codra:panorama_h2:25.00.004:*:*:*:*:*:*:*","matchCriteriaId":"6B268371-5F90-40DB-9D6D-BCCB781CDC08"}]}]}],"references":[{"url":"https://my.codra.net/api/csirt/download?resourceId=1469&fileType=FichierPDF","source":"30aa36b7-a224-4bc9-b7d3-abea20aa4887","tags":["Vendor Advisory"]}]}}]}