CVE-2026-5310
LOWEnter Software Iperius Backup IperiusAccounts.ini hard-coded key
Title source: cnaDescription
A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographic key . The attack must be carried out locally. This attack is characterized by high complexity. The exploitability is said to be difficult. The exploit is publicly available and might be used. Upgrading to version 8.7.4 will fix this issue. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
References (6)
Scores
CVSS v3
2.5
EPSS
0.0001
EPSS Percentile
2.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-320
CWE-321
Status
published
Products (4)
Enter Software/Iperius Backup
8.7.0
Enter Software/Iperius Backup
8.7.1
Enter Software/Iperius Backup
8.7.2
Enter Software/Iperius Backup
8.7.4
Published
Apr 01, 2026
Tracked Since
Apr 01, 2026