Privilege Escalation Vulnerability in Idira Privilege Cloud Connector by CyberArk
CVE-2026-45170

7.5HIGH

What is CVE-2026-45170?

The Idira Privilege Cloud Connector, specifically versions prior to 1.1.100504, is susceptible to a vulnerability where TLS certificate validation may not be strictly enforced under certain conditions and configurations. This could potentially allow unauthorized access to sensitive resources. Organizations using this product should review their configurations and ensure compliance with security best practices to mitigate the risk.

Affected Version(s)

Vendor PAM 1.1.0 < 1.1.100504

References

CVSS V4

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
.