PatchSiren cyber security CVE debrief
CVE-2026-45172 CyberArk Software, a Palo Alto Networks Company CVE debrief
CVE-2026-45172 is a HIGH-severity vulnerability in Idira Privileged Session Manager for SSH (PSMP). An authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host due to incomplete input validation. Affected versions include those prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6.
- Vendor: CyberArk Software, a Palo Alto Networks Company
- Product: PAM Self-Hosted, Privilege Cloud
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-12
Who should care
Administrators and users of Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6 should apply patches to prevent potential arbitrary command execution.
Technical summary
The vulnerability, with a CVSS score of 8.7, allows an authenticated, low-privileged user to potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins CA26-17 and CA26-18 provide additional information.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Idira Privileged Session Manager for SSH (PSMP) to version 15.0.2, 14.6.3, 14.2.5, or 14.0.6, or to a later release.
- Review and implement secure input validation practices.
Evidence notes
CVE-2026-45172 was published on 2026-06-11T22:16:57.320Z and modified on 2026-06-12T15:30:26.567Z. The vendor is identified as Cyberark with low confidence.