CVE-2026-4822
HIGHEnter Software Iperius Backup Backup Service Local Privilege Escalation
Title source: cnaDescription
A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a manipulation results in creation of temporary file with insecure permissions. The attack is only possible with local access. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit is now public and may be used. Upgrading to version 8.7.4 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
References (5)
Scores
CVSS v3
7.0
EPSS
0.0001
EPSS Percentile
3.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-377
CWE-378
Status
published
Products (5)
Enter Software/Iperius Backup
8.7.0
Enter Software/Iperius Backup
8.7.1
Enter Software/Iperius Backup
8.7.2
Enter Software/Iperius Backup
8.7.3
Enter Software/Iperius Backup
8.7.4
Published
Mar 25, 2026
Tracked Since
Mar 26, 2026