CVE-2026-45169
Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnera...
Published: 2026-06-12 · Last updated: 2026-06-12
Severity and scoring
- CWE
- CWE-400
Description
Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulting in a localized denial of service (DoS). CyberArk Security Bulletin: CA26-17
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-45169
- [Other]https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-0-8.htm
- [Other]https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-2-7.htm
- [Other]https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-6-vault.htm#14.6.5
- [Other]https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew15-0-vault.htm#15.0.3
Related CVEs
Same CWE
- CVE-2026-44892 — Netty is a network application framework for development of protocol servers and clients (7.5 HIGH)
- CVE-2026-44890 — Netty is a network application framework for development of protocol servers and clients (7.5 HIGH)
- CVE-2026-44250 — Netty is a network application framework for development of protocol servers and clients (7.5 HIGH)
- CVE-2026-45802 — FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF
- CVE-2026-44496 — Axios is a promise based HTTP client for the browser and Node.js (7.5 HIGH)