CVE-2026-4760 Potential unauthorized access to files on the Web HMI server host
Details
CVSS v3
9.2
Affected versions
Panorama Suite 2022-SP1, 2023, 2025, 2025 Updated Dec. 25 prior to vendor patches
Summary
This vulnerability allows remote attackers to gain unauthorized read access to sensitive files hosted on the Panorama Web HMI server. An attacker only needs to know the path of target files accessible by the running server process to exploit the flaw. Successful exploitation can lead to exposure of confidential system and application data.
Remediation
Apply the required vendor patches corresponding to your installed version of Panorama Suite. Restrict untrusted network access to the Web HMI server until updates are completed. Refer to vendor security bulletin BS-035 for full patch instructions.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.