CVE-2026-45171

Vulnerability

Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5 suffer from incomplete input validation and improperly configured folder permissions. This vulnerability allows an authenticated low-privileged user to potentially execute arbitrary code. The affected versions are listed in the CyberArk security bulletins CA26-17 and CA26-18 [1][2][3][4].

Exploitation

An attacker must have authenticated access to the PSM with low privileges. The exploitation involves leveraging the incomplete input validation and weak folder permissions to inject malicious code or manipulate files. No user interaction beyond authentication is required. The exact steps are not publicly detailed, but the vulnerability is confirmed by the vendor.

Impact

Successful exploitation grants the attacker arbitrary code execution on the PSM server. This could lead to full compromise of the session manager, potentially allowing the attacker to escalate privileges, access sensitive credentials, or pivot to other systems managed by the PSM.

Mitigation

The vulnerability is fixed in PSM versions 15.0.3, 14.6.3, 14.2.5, and 14.0.5. Organizations should upgrade to these versions or later. No workarounds are mentioned in the references. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.