CVE-2026-45170 PUBLISHED

Idira Privilege Cloud Connector: Potential Security Bypass due to Incomplete TLS Certificate Validation

Assigner: palo_alto
Reserved: 08.05.2026 Published: 12.06.2026 Updated: 12.06.2026

Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Amber
CVSS Score: 7.5

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Adjacent	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	High	Integrity	None
Attack Requirements	Present	Availability	High	Availability	None
Privileges Required	None
User Interaction	Passive

CVSS 4.0

Product Status

Vendor	CyberArk Software, a Palo Alto Networks Company
Product	PAM SH Connector
Versions	Default: unaffected affected from 1.1.0 to 1.1.100504 (excl.)

Exploits

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Credits

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue finder

References

https://docs.cyberark.com/

Problem Types

CWE-295 - Improper Certificate Validation CWE

Impacts

CAPEC-114 Authentication Abuse