Input Validation Flaw in CyberArk Idira Privileged Session Manager for SSH
CVE-2026-45172
8.7HIGH
Key Information:
- Vendor
- CVE Published:
- 11 June 2026
Badges
👾 Exploit Exists
What is CVE-2026-45172?
A vulnerability exists due to insufficient input validation in CyberArk's Idira Privileged Session Manager for SSH, affecting certain versions. This flaw may allow authenticated, low-privileged users to execute arbitrary commands on the PSMP host, posing a significant risk to the integrity of the system.
Affected Version(s)
PAM Self-Hosted, Privilege Cloud 14.0 < 14.0.6
PAM Self-Hosted, Privilege Cloud 14.2 < 14.2.5
PAM Self-Hosted, Privilege Cloud 14.6 < 14.6.3
References
CVSS V4
Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
