HTTP Request Smuggling in Delinea Inc. Cloud Suite and Privileged Access Service
CVE-2025-12811

6.9MEDIUM

Key Information:

Vendor: Delinea Inc.
Status: Cloud Suite And Privileged Access Service
Vendor: CVE Published:; 18 February 2026

🔔 Create Delinea Inc. Vulnerability Alert

What is CVE-2025-12811?

Delinea Inc.'s Cloud Suite and Privileged Access Service are vulnerable to HTTP Request Smuggling, which can allow an attacker to manipulate HTTP requests. This could lead to unauthorized access or the ability to exploit other services. To mitigate this risk, users must upgrade to Server Suite 2023.1 (agent 6.0.1) or later. If immediate upgrades are not feasible, alternative earlier versions include Server Suite release 2023.0.5 (agent version 6.0.0-158) and Server Suite release 2022.1.10 (agent version 5.9.1-337).

Affected Version(s)

Cloud Suite and Privileged Access Service 25.1 HF4 and earlier

Cloud Suite and Privileged Access Service 25.1 HF5

References

https://trust.delinea.com/?tcuUid=d512dd6a-fa40-421c-ac11...

https://docs.delinea.com/online-help/cloud-suite/release-...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2026
Vulnerability Reserved
Nov 6, 2025

Credit

Dawid Dudek

CVE-2025-12811 Data

JSON