PatchSiren cyber security CVE debrief
CVE-2026-45171 CyberArk Software, a Palo Alto Networks Company CVE debrief
CVE-2026-45171 is a HIGH-severity vulnerability with a CVSS score of 8.7. The vulnerability affects Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5. An authenticated, low-privileged user could potentially execute arbitrary code due to incomplete input validation and improperly configured folder permissions.
- Vendor: CyberArk Software, a Palo Alto Networks Company
- Product: Privileged Session Manager, Vault
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-12
Who should care
Users of Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5 should apply the necessary patches to prevent potential arbitrary code execution.
Technical summary
The vulnerability is caused by incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM). This allows an authenticated, low-privileged user to potentially execute arbitrary code.
Defensive priority
HIGH
Recommended defensive actions
- Apply the patches that bring Idira Privileged Session Manager (PSM) to version 15.0.3, 14.6.3, 14.2.5, or 14.0.5.
- Review and adjust folder permissions to prevent exploitation.
Evidence notes
The CVE record and NVD detail provide evidence for this vulnerability.
Official resources
CVE-2026-45171 was published on 2026-06-11T22:16:57.140Z and modified on 2026-06-12T15:30:26.567Z.