
CyberArk PAM Self-Hosted Vault CVE-2026-45169

EUVD-2026-36385 · HIGH
Uncontrolled Resource Consumption (CWE-400)
Published 2026-06-12 · Vendor: palo_alto · GHSA-3xcp-963x-rf7x
CVSS 4.0 base score: 8.7 (Vendor: palo_alto)

Severity by source

Vendor (palo_alto), primary: 8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber

vuln.today AI: 5.9 MEDIUM
Network-reachable and unauthenticated (AV:N/PR:N), but the description requires 'specific circumstances and configuration scenarios', so AC:H; availability-only impact (A:H, C/I:N).
CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 4.0: AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (palo_alto).

CVSS Vector (Vendor: palo_alto)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Safety (supplemental metric S; CVSS 4.0 has no Scope metric): Not Defined (X)

Lifecycle Timeline

  • Patch available: Jun 12, 2026 06:00 (EUVD)
  • Analysis generated: Jun 12, 2026 05:29 (vuln.today)
  • CVE published: Jun 12, 2026 04:32 (cve.org)

Description (CVE.org)

Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulting in a localized denial of service (DoS). CyberArk Security Bulletin: CA26-17

Analysis (AI)

Denial of service in CyberArk Privileged Access Manager (PAM) Self-Hosted Vault allows remote attackers to terminate the Vault service by sending unexpected input under specific configuration scenarios, affecting versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8. The issue was disclosed by Palo Alto Networks (which now owns CyberArk) via Security Bulletin CA26-17, with no public exploit identified at the time of analysis. The CVSS 4.0 base score of 8.7 reflects the network-reachable, unauthenticated attack path against a security-critical service. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

  • Access: identify exposed CyberArk Vault listener
  • Delivery: send crafted unexpected input to Vault protocol
  • Exploit: trigger unhandled validation path
  • Execution: Vault service process terminates
  • Impact: privileged access workflows halt enterprise-wide

Vulnerability Assessment (AI)

Exploitation: Exploitation requires network reachability to the CyberArk Vault listener (typically TCP/1858) and that the Vault is running an affected build (<15.0.3, <14.6.5, <14.2.7, or <14.0.8) in one of the unspecified 'specific circumstances and configuration scenarios' called out by CyberArk. The advisory does not name the exact feature or setting, so defenders should request the trigger details from CyberArk support. …

Risk Assessment: Signals diverge sharply and should be weighed carefully. …

Exploit Scenario: A remote attacker with network reach to the Vault listener crafts an unexpected input payload to the Vault protocol endpoint, which the affected version fails to validate, causing the Vault service process to terminate. Because the Vault brokers credentials for every PAM-managed account, the resulting outage immediately halts privileged session launches, password rotations, and CPM/PSM operations across the enterprise until the service is restarted. …

Remediation: Vendor-released patch: upgrade to CyberArk PAM Self-Hosted Vault 15.0.3, 14.6.5, 14.2.7, or 14.0.8 depending on your maintenance branch, per the release notes linked from Security Bulletin CA26-17 (docs.cyberark.com/pam-self-hosted/.../rn-whatsnew15-0-vault.htm#15.0.3 and the corresponding 14.6.5, 14.2.7, 14.0.8 pages). …

Recommended Action (AI)

24 hours: Verify deployed CyberArk PAM Vault version and identify affected systems running versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8. …
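The remediation and recommended-action text above give a fix version per maintenance branch rather than a single cutoff, which is where version triage usually goes wrong (14.2.7 is fixed even though it sorts below 14.6.5). The following is an added example, not code from vuln.today or CyberArk: it classifies Vault version strings from a constructed inventory export against the four fixed builds named on this page. The hostnames are placeholders, and a branch the advisory does not list (for example 14.4.x) is reported as unknown rather than assumed fixed or affected, since the page says nothing about it.

```python
"""Classify CyberArk PAM Self-Hosted Vault versions against the fixed
builds named for CVE-2026-45169 / CA26-17 (15.0.3, 14.6.5, 14.2.7, 14.0.8).

Added example; the inventory lines below are constructed, not real hosts.
"""
from __future__ import annotations

# Fixed build per maintenance branch, taken from the advisory text.
# Key is (major, minor); value is the first patched patch level.
FIXED_BY_BRANCH: dict[tuple[int, int], int] = {
    (15, 0): 3,
    (14, 6): 5,
    (14, 2): 7,
    (14, 0): 8,
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor.patch'; any trailing build fields are ignored."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts[:3])
    return major, minor, patch


def classify(text: str) -> str:
    """Return 'affected', 'fixed' or 'unknown-branch'.

    Versions are compared only within their own maintenance branch: the
    advisory lists one fix per branch, so 14.2.7 is fixed even though it
    is numerically below 14.6.5. A branch the advisory does not mention
    is reported as unknown-branch rather than guessed either way.
    """
    major, minor, patch = parse_version(text)
    fixed = FIXED_BY_BRANCH.get((major, minor))
    if fixed is None:
        return "unknown-branch"
    return "fixed" if patch >= fixed else "affected"


# Constructed sample inventory, "hostname,version" per line, shaped like an
# asset-management export. Hostnames and versions are placeholders.
SAMPLE_INVENTORY = """\
vault-prod-01,15.0.2
vault-prod-02,15.0.3
vault-dr-01,14.6.4
vault-lab-01,14.2.7
vault-legacy,14.0.1
vault-odd,14.4.2
vault-bad,15.0
"""


def triage(inventory: str) -> dict[str, list[str]]:
    """Group hosts by classification; unparsable entries go to 'invalid'."""
    buckets: dict[str, list[str]] = {
        "affected": [], "fixed": [], "unknown-branch": [], "invalid": []
    }
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, version = line.partition(",")
        try:
            buckets[classify(version)].append(host)
        except ValueError:
            # Malformed version strings need a human look, not a silent skip.
            buckets["invalid"].append(host)
    return buckets


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:15} {', '.join(hosts) or '-'}")
```

Feed it the real export in place of SAMPLE_INVENTORY; the "unknown-branch" and "invalid" buckets are the ones to resolve with CyberArk support before treating the estate as patched.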
