CVE-2026-45171 | THREATINT

Description

Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-18

PUBLISHED Reserved 2026-05-08 | Published 2026-06-11 | Updated 2026-06-13 | Assigner palo_alto

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/RE:M/U:Amber

Problem types

CWE-22: Path Traversal

Product status

Default status

unaffected

14.0 (custom) before 14.0.5

affected

14.2 (custom) before 14.2.5

affected

14.6 (custom) before 14.6.3

affected

15.0 (custom) before 15.0.3

affected

Timeline

2026-06-11:

Initial publication.

Credits

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue finder

References

docs.cyberark.com/...t/release notes/rn-whatsnew15-0-psm.htm vendor-advisory

docs.cyberark.com/...t/release notes/rn-whatsnew14-6-psm.htm vendor-advisory

docs.cyberark.com/...ent/release notes/rn-whatsnew14-2-5.htm vendor-advisory

docs.cyberark.com/...ent/release notes/rn-whatsnew14-0-5.htm vendor-advisory

cve.org (CVE-2026-45171)

nvd.nist.gov (CVE-2026-45171)

Download JSON

help @ threatint.eu