CVE-2026-45172
HIGH
8,7
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
Description
AI Translation Available
Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0011
Percentile
0,3th
Updated
EPSS Score Trend (Last 3 Days)
78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
StableCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Non-Repudiation
Potential Impacts:
Execute Unauthorized Code Or Commands
Dos: Crash, Exit, Or Restart
Read Files Or Directories
Modify Files Or Directories
Read Application Data
Modify Application Data
Hide Activities
Applicable Platforms
Technologies:
Not Technology-Specific, AI/ML, Web Server
https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-…
https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-…
https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-…
https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-…