ADV-2026-006 - Multiple Vulnerabilities in Netwrix Endpoint Protector

Executive Summary

Internal security review and external penetration testing identified several vulnerabilities in Netwrix Endpoint Protector. Depending on the vulnerability and the conditions under which it could be exploited, these issues may facilitate injection attacks against the underlying database, the execution of attacker-controlled script in a user’s browser session, unintentional deletion of log files, or unauthorized object storage operations. Additionally, third-party frontend libraries with known vulnerabilities have been identified and updated.

While Netwrix is unaware of any current exploitation of these vulnerabilities, all Netwrix Endpoint Protector customers are advised to apply the available update immediately.

Vulnerability

| Title | Affected Component | Affected Versions | CVSS 4.0 Score | CVSS 3.1 Score (Base / Temporal) | Description |
|---|---|---|---|---|---|
| Improper Neutralization of Special Elements used in an SQL Command | Endpoint Protector Server | <=2602.0.1.0 | 8.6 | 7.2 / 6.5 | Insufficient validation of inputs used in SQL queries within the file and log management components may allow an authenticated attacker to influence the behavior of underlying database queries. |
| Improper Neutralization of Input During Web Page Generation | Endpoint Protector Server | <=2602.0.1.0 | 7.5 | 8.8 / 8.4 | Insufficient validation of user-supplied input reflected in web page responses may, by means of a crafted link, facilitate the execution of attacker-controlled script in an authenticated user’s browser session. |
| Missing Authorization | Endpoint Protector Server | <=2602.0.1.0 | 7.0 | 6.0 / 6.0 | Insufficient authorization controls on certain storage operations may allow an authenticated administrator to download and delete files to which they have not been explicitly granted access. |
| Dependency on Vulnerable Third-Party Components | Endpoint Protector Server | <=2602.0.1.0 | 6.9 | 7.3 / 6.8 | Third-party frontend libraries, including Bootstrap and jQuery DataTables, contain publicly known vulnerabilities; updates addressing these have been applied. |
| Cross-Site Request Forgery | Endpoint Protector Server | <=2602.0.1.0 | 5.1 | 5.4 / 4.7 | Insufficient cross-site request forgery protections in log management operations may, by means of a crafted request, facilitate an attacker inducing an authenticated user into unintentionally deleting log files. |

Exploitability

Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgments about urgency and priority; customers should use the information below in making those decisions.

| Title | Publicly known? | Exploit available? | Actively exploited? |
|---|---|---|---|
| Improper Neutralization of Special Elements used in an SQL Command | No | No | No |
| Improper Neutralization of Input During Web Page Generation | Yes | No | No |
| Missing Authorization | No | No | No |
| Dependency on Vulnerable Third-Party Components | Yes | Yes | No |
| Cross-Site Request Forgery | Yes | No | No |

Solution

All Netwrix Endpoint Protector customers are advised to update Endpoint Protector to version 2604.0.1.0 or later as soon as possible.

Please contact the Netwrix technical support team should you need assistance.

Official Fixes

Updated software containing an official fix for these vulnerabilities has been released, as indicated in the table below.

| Product | Release Version |
|---|---|
| Netwrix Endpoint Protector | 2604.0.1.0 |
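
To check a list of servers against the version thresholds in this advisory, the following added example (not Netwrix code) classifies each recorded server version numerically. The CSV layout, the host names, and the four-field numeric version format are assumptions.

```python
import csv
import io

# Thresholds taken from this advisory.
LAST_AFFECTED = (2602, 0, 1, 0)   # "Affected Versions" column: <=2602.0.1.0
FIRST_FIXED = (2604, 0, 1, 0)     # "Official Fixes" table: 2604.0.1.0


def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if malformed."""
    parts = (text or "").strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Map a server version string to a status, comparing field by field."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"      # re-check the value recorded for this host
    if version >= FIRST_FIXED:
        return "fixed"
    if version <= LAST_AFFECTED:
        return "affected"         # inside the advisory's stated range
    return "below-fixed"          # not listed as affected, but older than the fix


def triage(inventory_csv):
    """Return (host, version, status) rows, hosts needing action first."""
    order = {"affected": 0, "below-fixed": 1, "unparseable": 2, "fixed": 3}
    rows = [(r["host"], r["version"], classify(r["version"]))
            for r in csv.DictReader(io.StringIO(inventory_csv))]
    return sorted(rows, key=lambda row: (order[row[2]], row[0]))


# Constructed sample inventory; host names and versions are made up.
SAMPLE = """host,version
epp-01,2602.0.1.0
epp-02,2604.0.1.0
epp-03,2509.0.10.0
epp-04,2603.0.1.0
epp-05,2604.0.1
"""

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE):
        print(f"{host:8} {version:14} {status}")
```

Hosts reported as "below-fixed" fall outside the affected range stated above but still predate 2604.0.1.0, so the update guidance in the Solution section applies to them as well.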

FAQ

  1. How do I determine which version of Netwrix Endpoint Protector is in use?

    The Netwrix Endpoint Protector server version number can be seen in the lower-right corner of the application window.

  2. Are there any configuration changes required after updating?

    No additional configuration changes are required. The fixes are automatically applied upon updating to the remediated version.

Revisions

Updates to this advisory may be made as necessary. Information about each change will be published in the table below.

| Revision | Date | Description |
|---|---|---|
| 1 | 2026-05-05T12:00:00Z | First published |

Disclaimer

The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory is at your own risk.