CVE-2026-45170
Modified - Updated After Analysis

TLS Certificate Validation Bypass in Idira Privilege Cloud Connector

Publication date: 2026-06-12

Last updated on: 2026-06-23

Assigner: Palo Alto Networks, Inc.

Description

In Idira Vendor PAM - Self-Hosted Connector versions prior to 1.1.100504, under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17

Meta Information

Published: 2026-06-12
Last Modified: 2026-06-23
Generated: 2026-07-02
AI Q&A: 2026-06-12
EPSS Evaluated: 2026-07-01

Affected Vendors & Products

Vendor: paloaltonetworks
Product: idira_privilege_cloud_connector
Version / Range: From 1.1.0 (inclusive) to 1.1.100504 (exclusive)

Exploitability

CWE-295: The product does not validate, or incorrectly validates, a certificate.

AI Quick Actions

Executive Summary

This vulnerability affects Idira Privilege Cloud Connector versions prior to 1.1.100504. Under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. The connector might therefore not properly verify the authenticity of TLS certificates, potentially allowing attackers to intercept or manipulate secure communications.

Impact Analysis

Because TLS certificate validation may not be fully enforced, an attacker could exploit this weakness to perform man-in-the-middle attacks, intercepting or altering sensitive data transmitted over supposedly secure connections. This could lead to unauthorized access, data breaches, or compromise of privileged credentials managed by the Idira Privilege Cloud Connector.

Compliance Impact

The vulnerability in Idira Privilege Cloud Connector involves incomplete enforcement of TLS certificate validation under certain conditions. This weakness could potentially expose sensitive data transmissions to interception or man-in-the-middle attacks.

Such a security flaw may impact compliance with common standards and regulations like GDPR and HIPAA, which require strong protections for data in transit to ensure confidentiality and integrity.

However, the provided information does not explicitly state the direct effects on compliance or specific regulatory implications.
