CVE-2026-45170
Received - Intake
TLS Certificate Validation Bypass in Idira Privilege Cloud Connector

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: Palo Alto Networks, Inc.

Description
In Idira Privilege Cloud Connector versions prior to 1.1.100504, under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17
Meta Information
Published: 2026-06-12
Last Modified: 2026-06-12
Generated: 2026-06-12
AI Q&A: 2026-06-12
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: idira
Product: privilege_cloud_connector
Version / Range: up to 1.1.100504 (exclusive)
CWE ID: CWE-295
Description: The product does not validate, or incorrectly validates, a certificate.
Executive Summary

This vulnerability affects Idira Privilege Cloud Connector versions prior to 1.1.100504. Under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced, so the connector might not properly verify the authenticity of TLS certificates, potentially allowing attackers to intercept or manipulate secure communications.

Impact Analysis

Because TLS certificate validation may not be fully enforced, an attacker could exploit this weakness to perform man-in-the-middle attacks, intercepting or altering sensitive data transmitted over supposedly secure connections. This could lead to unauthorized access, data breaches, or compromise of privileged credentials managed by the Idira Privilege Cloud Connector.

Compliance Impact

The vulnerability in Idira Privilege Cloud Connector involves incomplete enforcement of TLS certificate validation under certain conditions. This weakness could potentially expose sensitive data transmissions to interception or man-in-the-middle attacks.

Such a security flaw may impact compliance with common standards and regulations like GDPR and HIPAA, which require strong protections for data in transit to ensure confidentiality and integrity.

However, the provided information does not explicitly state the direct effects on compliance or specific regulatory implications.
