CVE-2026-45171
Idira Privileged Session Manager (PSM): Potential Code Execution due to an Incomplete Input Validation
Vexday Risk Score
21 (Low)
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 8.7 · EPSS 0.5% · KEV no · PoC — · Nuclei — · Metasploit — · Patch referenced
Lifecycle
11 Jun 2026: Published in NVD
Recommendation: Monitor; no sign of exploitation for now.
Due to incomplete input validation and improperly configured folder permissions in Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code.
CyberArk Security Bulletin: CA26-17 and CA26-18
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/RE:M/U:Amber
Affected products
CyberArk Software, a Palo Alto Networks Company · Privileged Session Manager, Vault
References
https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-0-5.htm
https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-2-5.htm
https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-6-psm.htm#14.6.3
https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew15-0-psm.htm#15.0.3