Description
Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll (Veramark.Core.Config class). These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the system can extract the hardcoded keys from the Veramark.Framework.dll module and decrypt the stored credentials. The recovered credentials can then be used to authenticate to the Windows host, potentially resulting in local privilege escalation depending on the privileges of the configured service account.
Published: 2026-02-13
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Patch
AI Analysis

Impact

Calero VeraSMART versions before 2026 R1 store the service account password in C:\VeraSMART Data\app.settings, encrypted with a hard-coded static AES key embedded in Veramark.Framework.dll. An attacker with local access can extract this key from the DLL, decrypt the stored credentials, and use the recovered account to log in to the Windows host. If the service account runs with administrative privileges, this can lead to local privilege escalation. The weakness is use of hard-coded credentials (CWE-798).

Affected Systems

The vulnerable product is Calero VeraSMART from the vendor Calero. All releases earlier than 2026 R1 contain the hard-coded key and are affected. The attack applies to any host where the VeraSMART Data directory and Veramark.Framework.dll are present.

Risk and Exploitability

This vulnerability has a CVSS score of 8.5 and an EPSS score below 1 percent, indicating a low current probability of exploitation but high impact if it is exploited. The attack vector is local only, requiring physical or software access to the machine, and the CVE is not listed in the CISA KEV catalog. Given the severity, administrators should treat this as a high-priority issue on any system where local access is possible, even though the EPSS is low.

Generated by OpenCVE AI on April 17, 2026 at 19:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Calero VeraSMART version 2026 R1 or later, which removes hard‑coded AES keys.
  • If an upgrade cannot be performed immediately, restrict local access to the affected systems and enforce strong authentication for all local user accounts.
  • Change the service account password to a strong, randomly generated value and re‑configure VeraSMART to store it securely, ensuring it is protected by a system‑managed key instead of a hard‑coded one.

Advisories

No advisories yet.

History

Thu, 26 Feb 2026 23:00:00 +0000

Type      Values Removed   Values Added
CPEs      -                cpe:2.3:a:calero:verasmart:*:*:*:*:*:*:*:*
                           cpe:2.3:a:calero:verasmart:2026.0:-:*:*:*:*:*:*
Metrics   -                cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Mon, 16 Feb 2026 12:15:00 +0000

Type                 Values Removed   Values Added
First Time appeared  -                Calero
                                      Calero verasmart
Vendors & Products   -                Calero
                                      Calero verasmart

Fri, 13 Feb 2026 22:15:00 +0000

Type      Values Removed   Values Added
Metrics   -                ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 13 Feb 2026 21:15:00 +0000

Type         Values Removed   Values Added
Description  -                Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll (Veramark.Core.Config class). These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the system can extract the hardcoded keys from the Veramark.Framework.dll module and decrypt the stored credentials. The recovered credentials can then be used to authenticate to the Windows host, potentially resulting in local privilege escalation depending on the privileges of the configured service account.
Title        -                Calero VeraSMART < 2026 R1 Hardcoded Static AES Keys Allow Decryption of Service Credentials
Weaknesses   -                CWE-798
References   -                -
Metrics      -                cvssV4_0 {'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-02-18T15:43:50.859Z

Reserved: 2026-02-13T17:28:43.051Z

Link: CVE-2026-26334

Vulnrichment

Updated: 2026-02-13T21:23:20.401Z

NVD

Status: Analyzed

Published: 2026-02-13T21:16:52.787

Modified: 2026-02-26T22:45:49.737

Link: CVE-2026-26334

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T20:00:09Z

Weaknesses