PatchSiren cyber security CVE debrief
CVE-2026-45169 CyberArk Software, a Palo Alto Networks Company CVE debrief
CVE-2026-45169 is a HIGH severity vulnerability in Idiria Privileged Access Manager (PAM) Self-Hosted Vault. Versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulting in a localized denial of service (DoS).
- Vendor
- CyberArk Software, a Palo Alto Networks Company
- Product
- PAM SH Vault
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Administrators and users of Idiria Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 should apply the necessary patches to mitigate this vulnerability.
Technical summary
The vulnerability has a CVSS score of 8.7 and is classified as HIGH severity. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber. The weakness associated with this vulnerability is CWE-400.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches to upgrade to Idiria Privileged Access Manager (PAM) Self-Hosted Vault versions 15.0.3, 14.6.5, 14.2.7, or 14.0.8.
- Review and update configurations to prevent unexpected input from being processed.
Evidence notes
The CVE record and details were obtained from the official CVE website and the National Vulnerability Database (NVD).
Official resources
CVE-2026-45169 was published on 2026-06-12T05:16:32.703Z and modified on 2026-06-12T15:30:26.567Z.