Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
Authenticated low-privileged PSMP user reaches the SSH service over the network with no user interaction, gaining command execution on the PSMP host with high C/I and partial A impact.
Primary rating from Vendor (palo_alto).
CVSS VectorVendor: palo_alto
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
Lifecycle Timeline
2DescriptionCVE.org
Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18
AnalysisAI
Authenticated command injection in CyberArk Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6 allows low-privileged users to execute arbitrary OS commands on the PSMP host. Because PSMP brokers privileged SSH sessions to downstream targets, code execution on this host can pivot an attacker from a constrained PAM user into the operator of the privileged-access tier. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 4.0 base score of 8.7 reflects high confidentiality and integrity impact on the vulnerable system.
Technical ContextAI
PSMP is the SSH-side component of CyberArk PAM Self-Hosted and Privilege Cloud that proxies and records privileged SSH sessions between end users and managed targets. The flaw is a CWE-78 OS Command Injection caused by incomplete input validation: user-controlled data is passed into a shell or command-execution context on the PSMP host without sufficient sanitization or argument separation. Because PSMP runs under a service account with broad reach into the PAM trust boundary, command execution at this layer effectively breaks the privileged-session containment model that PSMP is designed to enforce. The CPE string identifies CyberArk (a Palo Alto Networks company) PAM Self-Hosted and Privilege Cloud as the affected platform.
RemediationAI
Vendor-released patch: upgrade PSMP to 15.0.2, 14.6.3, 14.2.5, or 14.0.6 depending on your maintenance branch, per CyberArk release notes at docs.cyberark.com (rn-whatsnew15-0-psmp 15.0.2, rn-whatsnew14-6-psmp 14.6.3, rn-whatsnew14-2-5, rn-whatsnew14-0-6) and Security Bulletins CA26-17 and CA26-18. Until the upgrade is applied, restrict which directory users and PSMP local users can authenticate to PSMP - remove or disable any PSMP accounts that do not require interactive SSH proxying - and tighten the LDAP/AD groups mapped to PSMP login, accepting the trade-off that legitimate low-privilege operators may temporarily lose self-service access. Place PSMP behind a network ACL that only permits SSH from known operator jump hosts to shrink the pool of accounts that can attempt the injection, monitor PSMP host audit logs and syslog for unexpected child processes spawned by the PSMP service account, and ensure host-based EDR is in alerting mode on the PSMP server so any shell escape produces a high-fidelity signal.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36364
GHSA-9hqq-5px8-3pfv