CVE-2026-45169

Summary

Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulting in a localized denial of service (DoS). CyberArk Security Bulletin: CA26-17

Affected Software

VendorProductVersion RangeStatus
CyberArk Software, a Palo Alto Networks CompanyPAM SH Vault14.0 < 14.0.8affected
CyberArk Software, a Palo Alto Networks CompanyPAM SH Vault14.2 < 14.2.7affected
CyberArk Software, a Palo Alto Networks CompanyPAM SH Vault14.6 < 14.6.5affected
CyberArk Software, a Palo Alto Networks CompanyPAM SH Vault15.0 < 15.0.3affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References