CVE-2026-22676

HIGH 7.8

Barracuda RMM < 2025.2.2 Privilege Escalation via Insecure Directory Permissions

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place attacker-controlled files in this directory, which are then executed under the NT AUTHORITY\SYSTEM account during routine automation cycles, typically succeeding within the next execution cycle.

CWE	CWE-732
Vendor	barracuda networks
Product	rmm
Published	Apr 15, 2026
Last Updated	Apr 16, 2026

Stay Ahead of the Next One

Get instant alerts for barracuda networks rmm

Be the first to know when new high vulnerabilities affecting barracuda networks rmm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Barracuda Networks / RMM

0 < 2025.2.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

download.mw-rmm.barracudamsp.com: https://download.mw-rmm.barracudamsp.com/PDF/2025.2.2/RN_BRMM_2025.2.2_EN.pdf vulncheck.com: https://www.vulncheck.com/advisories/barracuda-rmm-privilege-escalation-via-insecure-directory-permissions