CVE-2026-45171

Summary

Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-18

Affected Software

VendorProductVersion RangeStatus
CyberArk Software, a Palo Alto Networks CompanyPrivileged Session Manager, Vault14.0 < 14.0.5affected
CyberArk Software, a Palo Alto Networks CompanyPrivileged Session Manager, Vault14.2 < 14.2.5affected
CyberArk Software, a Palo Alto Networks CompanyPrivileged Session Manager, Vault14.6 < 14.6.3affected
CyberArk Software, a Palo Alto Networks CompanyPrivileged Session Manager, Vault15.0 < 15.0.3affected

Weaknesses

  • CWE-22: CWE-22: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References