Flexera One ITAM: Security vulnerability - Lack of access control leading to attachment file disclosure (CVE‑2026‑4027)

A security vulnerability has been identified in FlexNet Manager Suite that could allow unauthorized access to attachment files due to insufficient access control. This issue occurs when the application does not properly validate user permissions before allowing access to file attachments.

CVE‑2026‑4027 - Observation 1: Lack of access control leading to attachment file disclosure

Impact

An unauthorized user may be able to access attachment files without the required permissions. This could lead to unintended exposure of sensitive information, impacting the confidentiality of data managed by the platform.

Affected Version

FlexNet Manager Suite 2025 R1

FlexNet Manager Suite 2025 R2

Resolution

This vulnerability has been fixed for cloud environments and will be available to customers as part of the Flexera One ITAM May 2026 release. The fix ensures that proper access control validation is enforced before allowing access to attachment files.

For on‑premises customers, the fix will be available in FlexNet Manager Suite 2026 R1.

Upgrade Guidance

• Cloud customers will receive the fix automatically as part of the Flexera One ITAM May 2026 release
• On‑premises customers should plan to upgrade to 2026 R1 once available to remediate this vulnerability

If you need assistance with the upgrade process, please contact Flexera Support.