{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1232", "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891", "state": "PUBLISHED", "assignerShortName": "BT", "dateReserved": "2026-01-20T15:30:42.757Z", "datePublished": "2026-02-02T16:18:47.242Z", "dateUpdated": "2026-02-02T16:35:48.876Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Privilege management for Windows", "vendor": "BeyondTrust", "versions": [{"lessThanOrEqual": "25.7", "status": "affected", "version": "0", "versionType": "cpe"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions &lt;=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product\u2019s anti-tamper protections, which could allow access to protected application components and the ability to modify product configuration.</span>"}], "value": "A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions <=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product\u2019s anti-tamper protections, which could allow access to protected application components and the ability to modify product configuration."}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-693", "description": "CWE-693", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "13061848-ea10-403d-bd75-c83a022c2891", "shortName": "BT", "dateUpdated": "2026-02-02T16:18:47.242Z"}, "references": [{"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-01"}, {"url": "https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0023100"}], "source": {"discovery": "UNKNOWN"}, "title": "Anti-Tamper Bypass in BeyondTrust Privilege Management for Windows", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-02T16:35:19.653452Z", "id": "CVE-2026-1232", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T16:35:48.876Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1232", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-02T16:35:19.653452Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T16:35:33.992Z"}}], "cna": {"title": "Anti-Tamper Bypass in BeyondTrust Privilege Management for Windows", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "BeyondTrust", "product": "Privilege management for Windows", "versions": [{"status": "affected", "version": "0", "versionType": "cpe", "lessThanOrEqual": "25.7"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-01"}, {"url": "https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0023100"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions <=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product\u2019s anti-tamper protections, which could allow access to protected application components and the ability to modify product configuration.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions &lt;=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product\u2019s anti-tamper protections, which could allow access to protected application components and the ability to modify product configuration.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-693", "description": "CWE-693"}]}], "providerMetadata": {"orgId": "13061848-ea10-403d-bd75-c83a022c2891", "shortName": "BT", "dateUpdated": "2026-02-02T16:18:47.242Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1232", "state": "PUBLISHED", "dateUpdated": "2026-02-02T16:35:48.876Z", "dateReserved": "2026-01-20T15:30:42.757Z", "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891", "datePublished": "2026-02-02T16:18:47.242Z", "assignerShortName": "BT"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions <=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product\u2019s anti-tamper protections, which could allow access to protected application components and the ability to modify product configuration."}, {"lang": "es", "value": "Una vulnerabilidad de gravedad media ha sido identificada en BeyondTrust Privilege Management para Windows versiones &lt;=25.7. Bajo ciertas condiciones, un usuario local autenticado con privilegios elevados podr\u00eda eludir las protecciones antimanipulaci\u00f3n del producto, lo que podr\u00eda permitir el acceso a componentes de aplicaci\u00f3n protegidos y la capacidad de modificar la configuraci\u00f3n del producto."}], "id": "CVE-2026-1232", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "13061848-ea10-403d-bd75-c83a022c2891", "type": "Secondary"}]}, "published": "2026-02-02T17:16:16.780", "references": [{"source": "13061848-ea10-403d-bd75-c83a022c2891", "url": "https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0023100"}, {"source": "13061848-ea10-403d-bd75-c83a022c2891", "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-01"}], "sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-693"}], "source": "13061848-ea10-403d-bd75-c83a022c2891", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T00:38:08.214518+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011issued security update that removes the anti\u2011tamper bypass flaw.", "Restrict or remove unnecessary local accounts that have elevated privileges on the affected machines.", "Enable audit logging for configuration changes and monitor for unauthorized tampering attempts."], "summary": {"action": "Patch", "impact": "Unauthorized Configuration Modification"}, "threat_synthesis": {"affected_systems": "The affected product is BeyondTrust Privilege Management for Windows, with affected releases up to version 25.7. Any installation of these versions on Windows hosts is vulnerable.", "description_and_impact": "A medium\u2011severity flaw exists in BeyondTrust Privilege Management for Windows versions 25.7 and earlier. When a local user with elevated privileges follows a specific sequence of actions, the software\u2019s anti\u2011tamper checks can be bypassed. The vulnerability originates from a lack of proper validation of configuration changes (CWE\u2011693) and permits the attacker to interact with protected components and alter product settings. This could compromise the integrity of the privilege management service and lead to broader system compromise.", "risk_and_exploitability": "The CVSS score of 6.8 indicates a moderate risk, and the EPSS score of less than 1\u202f% suggests a very low likelihood of public exploitation at present. The vulnerability is not listed in the CISA KEV catalog, so it has not yet been confirmed as a known exploited vulnerability. Nonetheless, a local privileged user\u2014such as a system administrator or a software developer with elevated rights\u2014can trigger the exploit, making the attack vector local. An adversary with access to the host can leverage this to modify the configuration and potentially gain unauthorized control over privileged functions."}}}}, "created": "2026-02-04T12:18:12.873315+00:00", "updated": "2026-04-18T00:45:32.238665+00:00", "vendors": ["beyondtrust", "beyondtrust$PRODUCT$privilege_management_for_windows"]}