CVE-2026-22676
Published 2026-04-15
Priority: P3 · 43 · high · 7.8 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.10% (1.3th percentile)
Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place attacker-controlled files in this directory, which are then executed under the NT AUTHORITY\SYSTEM account during routine automation cycles, typically succeeding within the next execution cycle.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| barracuda_networks | rmm | < 2025.2.2 | 2025.2.2 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 8.5 | HIGH | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
VulDB
Barracuda RMM up to 2025.2.1 permission assignment
vuldb·2026-04-16·CVSS 8.5
CVE-2026-22676 [HIGH] Barracuda RMM up to 2025.2.1 permission assignment
A vulnerability, which was classified as critical, was found in Barracuda RMM up to 2025.2.1. Affected by this issue is some unknown functionality. Such manipulation leads to incorrect permission assignment.
This vulnerability is uniquely identified as CVE-2026-22676. Local access is required to approach this attack. No exploit exists.
You should upgrade the affected component.
GHSA
GHSA-g6hr-fwwc-8cg8: Barracuda RMM versions prior to 2025
ghsa_unreviewed·2026-04-15
CVE-2026-22676 [HIGH] CWE-732 GHSA-g6hr-fwwc-8cg8: Barracuda RMM versions prior to 2025
Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place attacker-controlled files in this directory, which are then executed under the NT AUTHORITY\SYSTEM account during routine automation cycles, typically succeeding within the next execution cycle.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.