Ghostwire

CVE-2026-45171: Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM)...

MEDIUM CVSS 0.0 Exploit Available

Published: June 11, 2026 | Last Modified: June 12, 2026

Description

Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-18

Ghostwire Analysis — What This Means Practically

Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References

docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew1
docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew1
docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew1
docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew1
www.tenable.com/cve/CVE-2026-45171
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-45171