Description
The Comarch ERP Optima client connects to the database using a high-privileged account regardless of the application account with which a user logs in. It is possible for a local attacker who controls the client process to dump its memory, extract the credentials and use them to gain privileged access to the database. In order to exploit this vulnerability, the client application has to be already configured, but a user does not have to be logged in.
This issue has been fixed in version 2026.4.
Published: 2026-05-14
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Comarch ERP Optima clients connect to the database with a high privileged account, even when users log in with a lower privileged application account. A local attacker who can control the client process can dump its memory, extract the database credentials, and then use those credentials to gain full privileged access to the database. This enables the attacker to read, modify or delete data, potentially compromising confidentiality, integrity, and availability of the entire database system.

Affected Systems

The vulnerability affects the Comarch ERP Optima client software. Any installed version prior to the release of version 2026.4 is susceptible. No specific sub-versions are listed, so all earlier releases that use the default privileged connection logic are considered impacted.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity vulnerability. EPSS data is not available, and the vulnerability is not listed in CISA’s KEV catalog. The exploit requires local access to the client process, so an attacker must already be present on the same machine and have permission to control the client. Once the memory is dumped, credential extraction is trivial, giving the attacker direct privileged database access.

Generated by OpenCVE AI on May 14, 2026 at 11:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch to upgrade to version 2026.4.
  • Limit local user privileges so that only authorized users can run or control the ERP Optima client process.
  • If immediate patching is not possible, isolate the client infrastructure from the database network and monitor for suspicious memory‑dump activity.

Advisories

No advisories yet.

History

Thu, 14 May 2026 16:30:00 +0000

Type            Values Removed    Values Added
Metrics                           ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 14 May 2026 15:00:00 +0000

Type                  Values Removed    Values Added
First Time appeared                     Comarch; Comarch erp Optima
Vendors & Products                      Comarch; Comarch erp Optima

Thu, 14 May 2026 10:45:00 +0000

Type            Values Removed    Values Added
Description                       The Comarch ERP Optima client connects to the database using a high-privileged account regardless of the application account with which a user logs in. It is possible for a local attacker who controls the client process to dump its memory, extract the credentials and use them to gain privileged access to the database. In order to exploit this vulnerability, the client application has to be already configured, but a user does not have to be logged in. This issue has been fixed in version 2026.4.
Title                             Privilege Escalation in Comarch ERP Optima
Weaknesses                        CWE-266
References
Metrics                           cvssV4_0: {'score': 7.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}
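The CVSS 4.0 vector recorded above is what the 7.5 score and the "local access, pre-configured client" conditions in the analysis are derived from. The following Python script is an added example, not part of the OpenCVE record or of Comarch's software: it parses a CVSS 4.0 base-metric vector into named metrics and answers the two triage questions a defender asks first (does exploitation need local access, and does it depend on a precondition). The vector string is taken from the page; the metric and value abbreviations are the standard CVSS v4.0 base metrics, and the helper names are my own.

```python
# Added example: decode a CVSS 4.0 base vector into labelled metrics.
# The VECTOR constant is the one published for this CVE; everything else
# (function names, the triage helpers) is assumed for illustration.

VECTOR = "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"

# Standard CVSS v4.0 base-metric abbreviations and their allowed values.
METRIC_NAMES = {
    "AV": "Attack Vector",
    "AC": "Attack Complexity",
    "AT": "Attack Requirements",
    "PR": "Privileges Required",
    "UI": "User Interaction",
    "VC": "Vulnerable System Confidentiality",
    "VI": "Vulnerable System Integrity",
    "VA": "Vulnerable System Availability",
    "SC": "Subsequent System Confidentiality",
    "SI": "Subsequent System Integrity",
    "SA": "Subsequent System Availability",
}

_IMPACT = {"H": "High", "L": "Low", "N": "None"}
VALUE_NAMES = {
    "AV": {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"},
    "AC": {"L": "Low", "H": "High"},
    "AT": {"N": "None", "P": "Present"},
    "PR": {"N": "None", "L": "Low", "H": "High"},
    "UI": {"N": "None", "P": "Passive", "A": "Active"},
    "VC": _IMPACT, "VI": _IMPACT, "VA": _IMPACT,
    "SC": _IMPACT, "SI": _IMPACT, "SA": _IMPACT,
}


def parse_cvss4(vector: str) -> dict:
    """Parse a CVSS:4.0 base vector into {abbrev: value}.

    Rejects unknown metrics, unknown values, duplicates and missing
    base metrics, so a typo in a vector does not silently mis-score.
    """
    prefix, _, body = vector.strip().partition("/")
    if prefix != "CVSS:4.0":
        raise ValueError(f"not a CVSS 4.0 vector: {prefix!r}")
    metrics = {}
    for part in body.split("/"):
        key, sep, value = part.partition(":")
        if not sep or key not in VALUE_NAMES:
            raise ValueError(f"unknown metric {part!r}")
        if value not in VALUE_NAMES[key]:
            raise ValueError(f"invalid value {value!r} for {key}")
        if key in metrics:
            raise ValueError(f"duplicate metric {key}")
        metrics[key] = value
    missing = [k for k in METRIC_NAMES if k not in metrics]
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    return metrics


def describe(metrics: dict) -> dict:
    """Expand abbreviations into human-readable metric and value names."""
    return {METRIC_NAMES[k]: VALUE_NAMES[k][v] for k, v in metrics.items()}


def requires_local_access(metrics: dict) -> bool:
    """True when the attacker must already be on the host (AV:L or AV:P)."""
    return metrics["AV"] in ("L", "P")


def has_precondition(metrics: dict) -> bool:
    """True when AT:P, i.e. a deployment condition must hold first
    (here: the client must already be configured)."""
    return metrics["AT"] == "P"


def triage_summary(vector: str) -> str:
    """One-line summary of the exploitation prerequisites."""
    m = parse_cvss4(vector)
    d = describe(m)
    return (
        f"vector={d['Attack Vector']}, privileges={d['Privileges Required']}, "
        f"user-interaction={d['User Interaction']}, "
        f"precondition={'yes' if has_precondition(m) else 'no'}, "
        f"local-only={'yes' if requires_local_access(m) else 'no'}"
    )


if __name__ == "__main__":
    for name, value in describe(parse_cvss4(VECTOR)).items():
        print(f"{name:36s} {value}")
    print(triage_summary(VECTOR))
```

Running it on the recorded vector shows why the issue is rated high on impact (VC:H, VI:H) but not network-reachable: the attacker must be local, needs no privileges or user interaction, and the client must already be configured (AT:P). That matches the remediation advice to restrict which local users can run or control the client.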


MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-05-14T15:29:13.663Z

Reserved: 2025-12-17T14:10:16.437Z

Link: CVE-2025-68420

Vulnrichment

Updated: 2026-05-14T15:28:24.441Z

NVD

Status : Deferred

Published: 2026-05-14T11:16:16.177

Modified: 2026-05-14T16:07:11.137

Link: CVE-2025-68420

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-14T14:32:44Z

Weaknesses