CVE-2026-4822 is a vulnerability identified in Enter Software's Iperius Backup product, specifically affecting versions 8.7.0 through 8.7.3. The flaw exists in the Backup Service component where temporary files are created within the directory C:\ProgramData\IperiusBackup\Jobs\ with insecure permissions. This improper permission setting can allow unauthorized local users to access or modify these temporary files. The vulnerability requires local access to the system and a high degree of attack complexity, indicating that an attacker must have some level of system access and technical skill to exploit it. The vulnerability does not require user interaction and does not allow remote exploitation, limiting its attack surface. However, successful exploitation could lead to unauthorized data manipulation or privilege escalation within the local environment. The vendor responded promptly by releasing version 8.7.4, which addresses the insecure file permission issue by properly securing temporary files. The CVSS 4.0 base score is 7.3 (high severity), reflecting the significant impact on confidentiality, integrity, and availability if exploited, despite the high attack complexity and local attack vector. No known exploits in the wild have been reported yet, but the public availability of the exploit code increases the urgency for patching.

The primary impact of this vulnerability is on the confidentiality and integrity of backup data managed by Iperius Backup. An attacker with local access could exploit insecure temporary file permissions to read or modify backup job files, potentially leading to data tampering or unauthorized disclosure of sensitive backup configurations. This could undermine the reliability of backup operations, causing data loss or corruption. Additionally, the vulnerability might be leveraged for local privilege escalation, allowing attackers to gain higher system privileges and further compromise the affected system. Organizations relying on Iperius Backup for critical data protection could face operational disruptions, data integrity issues, and increased risk of insider threats or lateral movement within their networks. Although remote exploitation is not possible, the requirement for local access means that attackers who have already penetrated the network or compromised user accounts could exploit this vulnerability to deepen their foothold. The public availability of exploit code increases the risk of opportunistic attacks, especially in environments where patching is delayed.

To mitigate CVE-2026-4822, organizations should immediately upgrade Iperius Backup to version 8.7.4 or later, which contains the fix for the insecure temporary file permissions. Beyond patching, organizations should enforce strict local access controls and limit administrative privileges to reduce the risk of local exploitation. Implementing robust endpoint security solutions that monitor file system changes and detect anomalous access to backup directories can help identify exploitation attempts. Regularly auditing file and directory permissions on backup-related paths ensures that temporary files are not accessible to unauthorized users. Additionally, organizations should enforce the principle of least privilege for users and services interacting with backup software. Monitoring logs for unusual activity related to backup jobs and temporary files can provide early warning signs of exploitation. Finally, educating system administrators about the risks of local vulnerabilities and the importance of timely patching will help maintain a secure backup environment.