CVE-2026-4822

Description

A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a manipulation results in creation of temporary file with insecure permissions. The attack is only possible with local access. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit is now public and may be used. Upgrading to version 8.7.4 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

CVSS Details

CVSS Score

7.0

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Enter Software Iperius Backup <= 8.7.3

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import os
import ctypes
import sys

def check_vulnerability():
    # Target path based on the CVE description
    target_path = r"C:\ProgramData\IperiusBackup\Jobs\"
    test_file = os.path.join(target_path, "poc_test_file.tmp")

    print(f"[*] Checking permissions on: {target_path}")

    if not os.path.exists(target_path):
        print("[-] Target directory does not exist. Software may not be installed.")
        return

    try:
        # Attempt to create a file in the target directory
        # If successful, a low-privileged user can write to this sensitive location
        with open(test_file, 'w') as f:
            f.write("VULNERABILITY_TEST")
        
        print("[+] SUCCESS: Low-privileged user can write to the Jobs directory!")
        print("[+] This indicates a potential Insecure Permissions vulnerability (CVE-2026-4822).")
        
        # Cleanup
        os.remove(test_file)
        
    except PermissionError:
        print("[-] FAILED: Write access denied. The vulnerability might be patched or permissions are correctly set.")
    except Exception as e:
        print(f"[-] ERROR: {e}")

if __name__ == "__main__":
    # Check if running as admin (optional, usually we want to run as low-priv user to test)
    if ctypes.windll.shell32.IsUserAnAdmin():
        print("[!] WARNING: Running as Administrator. Run as a standard user to accurately test for privilege escalation vectors.")
    
    check_vulnerability()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-4822
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-4822
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-4822/
[4] VulDB https://vuldb.com/cve/CVE-2026-4822
[5] https://github.com/0truust/iperius-backup-security-advisories/blob/main/advisories/arbitrary-file-disclosure.md
[6] https://vuldb.com/?ctiid.353122
[7] https://vuldb.com/?id.353122
[8] https://vuldb.com/?submit.774209
[9] https://www.iperiusbackup.com/download-software-backup.aspx

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-4822", "sourceIdentifier": "[email protected]", "published": "2026-03-25T21:16:48.377", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown function of the file C:\\ProgramData\\IperiusBackup\\Jobs\\ of the component Backup Service. Performing a manipulation results in creation of temporary file with insecure permissions. The attack is only possible with local access. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit is now public and may be used. Upgrading to version 8.7.4 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."}, {"lang": "es", "value": "Una vulnerabilidad fue detectada en Enter Software Iperius Backup hasta 8.7.3. Afecta a una función desconocida del archivo C:\\ProgramData\\IperiusBackup\\Jobs\\ del componente Backup Service. Realizar una manipulación resulta en la creación de un archivo temporal con permisos inseguros. El ataque solo es posible con acceso local. Un alto grado de complejidad es necesario para el ataque. La explotabilidad se dice que es difícil. El exploit ahora es público y puede ser utilizado. La actualización a la versión 8.7.4 puede solucionar este problema. Se recomienda actualizar el componente afectado. El proveedor fue contactado tempranamente, respondió de una manera muy profesional y rápidamente lanzó una versión corregida del producto afectado."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.0, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "baseScore": 6.0, "accessVector": "LOCAL", "accessComplexity": "HIGH", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 1.5, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-377"}, {"lang": "en", "value": "CWE-378"}]}], "references": [{"url": "https://github.com/0truust/iperius-backup-security-advisories/blob/main/advisories/arbitrary-file-disclosure.md", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.353122", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.353122", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.774209", "source": "[email protected]"}, {"url": "https://www.iperiusbackup.com/download-software-backup.aspx", "source": "[email protected]"}]}}