CVE-2026-45170

Summary

Idira Vendor PAM - Self-Hosted Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17

Affected Software

VendorProductVersion RangeStatus
CyberArk Software, a Palo Alto Networks CompanyVendor PAM1.1.0 < 1.1.100504affected

Weaknesses

  • CWE-295: CWE-295 - Improper Certificate Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References