Privilege Escalation Vulnerability in Barracuda RMM Affecting Local Users
CVE-2026-22676

8.5 HIGH

Key Information:

CVE Published: 15 April 2026

What is CVE-2026-22676?

Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability due to weak filesystem access control lists (ACLs) on the C:\Windows\Automation directory. This flaw allows local attackers to elevate their privileges to SYSTEM-level. By manipulating automation content or introducing malicious files into this directory, attackers can execute arbitrary code with elevated privileges during routine automation cycles, posing significant risks to system integrity and security.
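A defender can check whether an endpoint carries the weak ACL described above. The script below is an added example, not code from Barracuda or from this advisory; the list of trusted principals and the set of rights treated as write-type are assumptions, because the page does not say which principals the weak ACL covers.

```powershell
# Added example: list ACEs on the advisory's directory that let unexpected principals write.
param([string]$Path = 'C:\Windows\Automation')

# Assumption: only these principals should hold write-type rights here.
$trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (applies only to objects a principal created itself)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow planting or replacing content, or rewriting the ACL itself.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Some ACEs store GENERIC_WRITE (0x40000000) or GENERIC_ALL (0x10000000) instead of specific bits.
$genericMask = 0x50000000

function Get-RiskyAce {
    param([Parameter(Mandatory)][string]$LiteralPath)
    $acl = Get-Acl -LiteralPath $LiteralPath
    # Ask for SIDs so the comparison does not depend on localized account names.
    foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if ($trusted -contains $sid) { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band $writeMask) -or ($rights -band $genericMask)) {
            # Name resolution can fail for orphaned SIDs; fall back to the SID string.
            try { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = $sid }
            [pscustomobject]@{
                Path      = $LiteralPath
                Account   = $name
                Sid       = $sid
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $Path)) { Write-Output "$Path is not present on this host."; return }

# Check the directory itself and everything beneath it.
$targets = @($Path) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object { $_.FullName })
$findings = @($targets | ForEach-Object { Get-RiskyAce -LiteralPath $_ })

if ($findings.Count -eq 0) { Write-Output "No write-type ACEs for untrusted principals under $Path." }
else { $findings | Sort-Object Path, Account | Format-Table -AutoSize }
```

Any row returned means a principal outside the trusted list can create, change or delete content in the directory; hosts running a version before 2025.2.2 should be prioritized for the update.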

Affected Version(s)

RMM: versions before 2025.2.2

CVSS V4

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
