Skip to main content

CyberArk Privilege Cloud Connector CVE-2026-45170

| EUVDEUVD-2026-36371 HIGH
Improper Certificate Validation (CWE-295)
2026-06-12 palo_alto GHSA-4pc6-w92r-32xw
7.5
CVSS 4.0 · Vendor: palo_alto
Share

Severity by source

Vendor (palo_alto) PRIMARY
7.5 HIGH
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
vuln.today AI
6.4 MEDIUM

Adjacent MITM with specific config and operator-triggered TLS session justifies AV:A, AC:H, UI:R; PR:N as no Connector auth needed; C:H/I:H for intercepted credentials, A:N as no availability impact.

3.1 AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
4.0 AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (palo_alto).

CVSS VectorVendor: palo_alto

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

3
Patch available
Jun 12, 2026 - 03:01 EUVD
Analysis Generated
Jun 12, 2026 - 01:41 vuln.today
CVE Published
Jun 12, 2026 - 00:05 cve.org
HIGH 7.5

DescriptionCVE.org

Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17

AnalysisAI

Improper TLS certificate validation in CyberArk (Palo Alto Networks) Privilege Cloud Connector (PAM SH Connector, branded 'Idira') versions prior to 1.1.100504 allows adjacent-network attackers to intercept or tamper with privileged-access traffic under specific configuration scenarios. The flaw is rated CVSS 4.0 7.5 with no public exploit identified at time of analysis, but the Connector's role as a broker for secrets and privileged sessions makes successful exploitation highly impactful. Reported by Palo Alto with disclosure tracked under CyberArk Security Bulletin CA26-17.

Technical ContextAI

The affected component is CyberArk's Privilege Cloud Connector (CPE cyberark_software:pam_sh_connector), a Linux-based broker that proxies privileged sessions and secret retrieval between on-premises targets and the CyberArk Privilege Cloud SaaS. The weakness is classified as CWE-295 (Improper Certificate Validation), meaning the TLS client either skips, partially implements, or misconfigures peer certificate verification (e.g., not validating the certificate chain, hostname, or revocation status) when establishing outbound TLS sessions under certain deployment conditions. Because the Connector terminates and forwards privileged credential traffic, any TLS trust gap directly undermines the confidentiality and integrity guarantees the product is designed to provide.

RemediationAI

Upgrade the Privilege Cloud Connector to version 1.1.100504 or later, which is the vendor-released patched build identified in CyberArk Security Bulletin CA26-17 (https://docs.cyberark.com/). Until the upgrade is deployed, restrict the Connector's network exposure so that only trusted, segmented paths reach it - specifically, place the Connector on a dedicated management VLAN with no adjacent untrusted hosts, and require mutual TLS or IPsec on the upstream link to Privilege Cloud where supported (trade-off: added operational complexity and potential session-establishment failures if certificates are misaligned). Audit Connector configuration for any non-default options that weaken TLS verification (custom CA bundles, disabled hostname checks) and revert them; note that tightening verification may break sessions to targets using self-signed or expired internal certificates, which should be re-issued from a trusted internal CA before enforcement.

Share

CVE-2026-45170 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy