CVE-2026-45172
Published 2026-06-11
Priority: P2 · 61 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.55% (41.8th percentile)
Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloaltonetworks | idira_privileged_session_manager_for_ssh | >= 14.0 < 14.0.6 | 14.0.6 |
| paloaltonetworks | idira_privileged_session_manager_for_ssh | >= 14.2 < 14.2.5 | 14.2.5 |
| paloaltonetworks | idira_privileged_session_manager_for_ssh | >= 14.6 < 14.6.3 | 14.6.3 |
| paloaltonetworks | idira_privileged_session_manager_for_ssh | >= 15.0 < 15.0.2 | 15.0.2 |
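The four ranges above are the whole of what this page states about exposure, and they leave gaps (a 14.1.x or 14.3.x build is in none of them). The helper below, an added example that is not CyberArk or Palo Alto Networks code, turns the table into a triage check: it parses a PSMP version string, reports whether it falls inside a listed vulnerable range, whether it is at or above the fix on that branch, or whether it is on a branch the table does not cover at all, which should be resolved against bulletins CA26-17 and CA26-18 rather than assumed safe. The inventory at the bottom is constructed sample data.

```python
"""Triage helper for CVE-2026-45172 (added example, not vendor code).

Encodes the four affected ranges from the advisory table and classifies a
PSMP version string against them.  Lower bounds are inclusive, upper bounds
(the fixed versions) are exclusive, exactly as the table states them.
"""

# (range lower bound, first fixed version, fixed-in label) per affected branch
AFFECTED_RANGES = [
    ((14, 0), (14, 0, 6), "14.0.6"),
    ((14, 2), (14, 2, 5), "14.2.5"),
    ((14, 6), (14, 6, 3), "14.6.3"),
    ((15, 0), (15, 0, 2), "15.0.2"),
]


def parse_version(text):
    """Turn '14.6.2' (or 'v14.6.2', or '14.6.2.1') into a tuple of ints.

    Raises ValueError on anything non-numeric so a garbled inventory entry is
    surfaced instead of silently classified.
    """
    parts = text.strip().lstrip("vV").split(".")
    if not parts or any(not p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(p) for p in parts)


def cmp_versions(a, b):
    """Three-way compare, zero-padding so that 14.0 == 14.0.0 and 14.0 < 14.0.6."""
    width = max(len(a), len(b))
    a_pad = a + (0,) * (width - len(a))
    b_pad = b + (0,) * (width - len(b))
    return (a_pad > b_pad) - (a_pad < b_pad)


def assess(version_text):
    """Classify one version.

    Returns (status, fixed_in) where status is one of:
      'vulnerable'          - inside a listed range; fixed_in is the target
      'fixed'               - same branch, at or above the fixed version
      'not_in_listed_range' - branch not covered by the table; check the
                              vendor bulletins, do not assume it is safe
    """
    v = parse_version(version_text)
    for low, high, fixed in AFFECTED_RANGES:
        if cmp_versions(v, low) >= 0 and cmp_versions(v, high) < 0:
            return "vulnerable", fixed
    for low, high, fixed in AFFECTED_RANGES:
        # Branch identity is the first two components (14.0, 14.2, 14.6, 15.0).
        if v[:2] == low[:2] and cmp_versions(v, high) >= 0:
            return "fixed", fixed
    return "not_in_listed_range", None


def triage(inventory):
    """Classify a {host: version} mapping; vulnerable hosts are listed first.

    Returns a list of (host, version, status, fixed_in) tuples.
    """
    order = {"vulnerable": 0, "not_in_listed_range": 1, "fixed": 2}
    rows = []
    for host, version in inventory.items():
        status, fixed = assess(version)
        rows.append((host, version, status, fixed))
    rows.sort(key=lambda r: (order[r[2]], r[0]))
    return rows


# Constructed sample inventory (hypothetical hosts and versions, not real data).
SAMPLE_INVENTORY = {
    "psmp-prod-01": "14.6.2",
    "psmp-prod-02": "14.6.3",
    "psmp-dr-01": "15.0",
    "psmp-lab-01": "14.3.1",
}

if __name__ == "__main__":
    for host, version, status, fixed in triage(SAMPLE_INVENTORY):
        target = f" -> upgrade to {fixed}" if status == "vulnerable" else ""
        print(f"{host:14} {version:8} {status}{target}")
```

Note that `15.0` with no patch component is treated as `15.0.0` and therefore vulnerable; an inventory that records only major.minor for hosts on a branch below the fix will be reported as vulnerable, which is the conservative reading.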
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| NVD | 4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber |
VulDB
CVE-2026-45172 [HIGH] CyberArk Software PAM Self-Hosted/Privilege Cloud up to 14.0.5/14.2.4/14.6.2/15.0.1 os command injection (EUVD-2026-36364)
vuldb · 2026-06-14 · CVSS 8.7
A vulnerability identified as critical has been detected in CyberArk Software PAM Self-Hosted and Privilege Cloud up to 14.0.5/14.2.4/14.6.2/15.0.1. The affected element is an unknown function. This manipulation causes os command injection.
The identification of this vulnerability is CVE-2026-45172. It is possible to initiate the attack remotely. There is no exploit available.
You should upgrade the affected component.
GHSA
ghsa_unreviewed · 2026-06-12
CVE-2026-45172 [HIGH] CWE-78
Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-0-6.htm
https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-2-5.htm
https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-6-psmp.htm#14.6.3
https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew15-0-psmp.htm#15.0.2
Published: 2026-06-11