CVE-2026-45170 HIGH

CVE-2026-45170: Idira Privilege Cloud Connector: Potential Security Bypass due to Incomplete TLS Certificate Validation

Vendor Cyberark Software, A Palo Alto Networks Company
Product PAM SH Connector
Weakness CWE-295
Published June 12, 2026
Last update June 12, 2026

CVSS base score

7.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Amber

What the vulnerability does

01Description

Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17

Key dates

02Disclosure timeline

June 12, 2026 CVE published
June 12, 2026 Record updated