Vulnerability Details CVE-2026-45169
Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulting in a localized denial of service (DoS). CyberArk Security Bulletin: CA26-17
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 21.9%
CVSS Severity
CVSS v3 Score 8.6
Products affected by CVE-2026-45169
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.0
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.0.1
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.0.2
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.0.3
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.0.4
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.0.5
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.0.6
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.0.7
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.2
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.2.1
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.2.2
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.2.3
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.2.4
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.2.5
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.2.6
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.6
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.6.2
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.6.3
-
cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:14.6.4