Input Validation Flaw in Idira Privileged Session Manager Affects CyberArk
CVE-2026-45171

8.7 HIGH

What is CVE-2026-45171?

The Idira Privileged Session Manager (PSM) from CyberArk contains vulnerabilities caused by improper input validation and misconfigured folder permissions. These issues potentially allow low-privileged authenticated users to execute arbitrary code, which can lead to unauthorized access to and manipulation of sensitive information. Deployments running Idira PSM versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5 are particularly at risk. CyberArk has released updates that fix these vulnerabilities, and users are strongly recommended to apply them.

Affected Version(s)

Privileged Session Manager, Vault 14.0 < 14.0.5

Privileged Session Manager, Vault 14.2 < 14.2.5

Privileged Session Manager, Vault 14.6 < 14.6.3

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.