CVE-2026-45169
Received - Intake
Privileged Access Manager Vault Denial of Service Vulnerability

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: Palo Alto Networks, Inc.

Description
Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulting in a localized denial of service (DoS).

CyberArk Security Bulletin: CA26-17
Meta Information
Published: 2026-06-12
Last Modified: 2026-06-12
Generated: 2026-06-12
AI Q&A: 2026-06-12
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor    Product                                Version / Range
cyberark  privileged_access_manager_self_hosted  to 15.0.3 (exc)
cyberark  privileged_access_manager_self_hosted  15.0.3
CWE ID   Description
CWE-400  The product does not properly control the allocation and maintenance of a limited resource.
Executive Summary

CVE-2026-45169 is a validation vulnerability in the Idira Privileged Access Manager (PAM) Self-Hosted Vault component. Under certain specific circumstances and configuration scenarios, processing unexpected input can cause the service to terminate unexpectedly. This results in a localized denial of service (DoS) condition.

Impact Analysis

This vulnerability can cause the Vault service in the Privileged Access Manager to unexpectedly stop running when it processes unexpected input. This leads to a localized denial of service (DoS), meaning that the affected service becomes unavailable, potentially disrupting privileged access management operations.

Mitigation Strategies

To mitigate CVE-2026-45169 in Idira Privileged Access Manager (PAM) Self-Hosted Vault, apply the security patches provided in the fixed versions immediately.

  • Upgrade to version 15.0.3 or later, which includes critical security fixes and updates MySQL to version 8.4.8.
  • If you are using version 14.6, upgrade to version 14.6.5 or later to address the vulnerability.
  • If you are using version 14.2, upgrade to version 14.2.7 or later.
  • If you are using version 14.0, upgrade to version 14.0.8 or later.

Applying these patches will fix the validation vulnerability that could cause unexpected service termination and localized denial of service.
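
To triage a fleet against the fixed versions listed above, the following added example (not vendor code or part of the original advisory) compares each Vault version numerically against the fix for its own branch. The host names and inventory are constructed, and treating a branch with no listed fix (for example 14.4) as needing 15.0.3 or later is an assumption drawn from the "prior to 15.0.3" wording.

```python
import re

# Fixed release per maintained branch, as listed in the advisory text above.
FIXED = {
    (15, 0): (15, 0, 3),
    (14, 6): (14, 6, 5),
    (14, 2): (14, 2, 7),
    (14, 0): (14, 0, 8),
}
LATEST_FIXED = (15, 0, 3)

# Constructed sample inventory: host name -> reported Vault version.
INVENTORY = {
    "vault-prod-01": "14.6.4",
    "vault-prod-02": "14.6.10",   # numerically newer than 14.6.5
    "vault-dr-01": "14.2.7",
    "vault-lab-01": "14.4.2",     # branch with no fix listed on this page
    "vault-new-01": "15.1.0",
    "vault-old-01": "unknown-build",
}

def parse_version(text):
    """Parse 'major.minor[.patch]' into a 3-tuple; raise ValueError otherwise."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(version_text):
    """Return (status, upgrade_target) for one Vault version string."""
    try:
        v = parse_version(version_text)
    except ValueError:
        return ("unknown", None)          # needs manual verification
    fixed = FIXED.get(v[:2])
    if fixed is not None:
        return ("patched", None) if v >= fixed else ("vulnerable", fixed)
    if v >= LATEST_FIXED:
        return ("patched", None)          # "15.0.3 or later" per the advisory
    # Assumption: no in-branch fix exists, so the target is the latest fixed line.
    return ("vulnerable", LATEST_FIXED)

def report(inventory):
    """Map each host to its triage result."""
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, (status, target) in report(INVENTORY).items():
        want = ".".join(map(str, target)) if target else "-"
        print(f"{host:15} {INVENTORY[host]:14} {status:10} upgrade to: {want}")
```

Comparing versions as integer tuples avoids the string-comparison trap where "14.6.10" sorts before "14.6.5" and a patched host is flagged as vulnerable.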

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
