High severity7.5NVD Advisory· Published Mar 25, 2026· Updated Apr 1, 2026

CVE-2026-4761

Description

When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group. * Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable

Please refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt.

Affected products

Codra/Panorama Collaborative Operation \& Execution
cpe:2.3:a:codra:panorama_collaborative_operation_\&_execution:25.00.004:*:*:*:*:*:*:*
Codra/Panorama Com
cpe:2.3:a:codra:panorama_com:25.00.004:*:*:*:*:*:*:*
Codra/Panorama E2
cpe:2.3:a:codra:panorama_e2:25.00.004:*:*:*:*:*:*:*
Codra/Panorama H2
cpe:2.3:a:codra:panorama_h2:25.00.004:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

my.codra.net/api/csirt/downloadnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000