Local Privilege Escalation Vulnerability in Enter Software Iperius Backup
CVE-2026-4822
Key Information:
- Vendor
Enter Software
- Status
- Vendor
- CVE Published:
- 25 March 2026
Badges
What is CVE-2026-4822?
A vulnerability was identified in Enter Software's Iperius Backup up to version 8.7.2, specifically within the Backup Service component. This issue arises from the insecure creation of temporary files within the directory located at C:\ProgramData\IperiusBackup\Jobs. An attacker with local access can exploit this vulnerability to create files with incorrect permissions, potentially leading to further unauthorized actions. The complexity of executing this attack is high, making it difficult to exploit effectively. A patch has been released in version 8.7.4 to mitigate this vulnerability, and users are strongly encouraged to upgrade to this version to enhance security.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Iperius Backup 8.7.0
Iperius Backup 8.7.1
Iperius Backup 8.7.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved