CVE-2026-45171
Last modified
CVE-2026-45171 is a high-severity vulnerability rated 8.7/10 on the CVSS scale. Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-18. EPSS estimates a 0.54% chance of exploitation in the next 30 days.
Description
Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-18
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:Amber
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Paloaltonetworks | Idira Privileged Session Manager | >= 14.0, < 14.0.5 |
| Paloaltonetworks | Idira Privileged Session Manager | >= 14.2, < 14.2.5 |
| Paloaltonetworks | Idira Privileged Session Manager | >= 14.6, < 14.6.3 |
| Paloaltonetworks | Idira Privileged Session Manager | >= 15.0, < 15.0.3 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-45171?
How severe is CVE-2026-45171?
How do I fix CVE-2026-45171?
Are you affected by CVE-2026-45171?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST