Impact
The vulnerability resides in the input validation logic of Idira Privileged Access Manager Self‑Hosted Vault versions before 15.0.3, 14.6.5, 14.2.7, and 14.0.8. When the system processes carefully crafted, unexpected input, the service can terminate unexpectedly, resulting in a localized denial of service. The weakness is classified as CWE‑400, which the advisory attributes to a failure to properly validate input length or format. This flaw does not grant code execution or unauthorized access, but it can disrupt the availability of the service for authenticated users on the affected instance.
Affected Systems
The affected software is CyberArk’s Idira Privileged Access Manager Self‑Hosted Vault product, identified in the CNA data as a product of CyberArk Software, a Palo Alto Networks Company. Versions prior to 15.0.3 (including 14.6.5, 14.2.7, and 14.0.8) are affected; post‑15.0.3 releases include the fix.
Risk and Exploitability
The CVSS score of 8.7 classifies the flaw as high severity. Although no EPSS score is available, the vulnerability could be leveraged by an attacker who can submit unexpected input through the service’s exposed interfaces, most likely its REST endpoints or management console. Because the denial of service is localized, the attacker must be able to reach the affected system, but any successful exploitation would cause a service outage for all privileged users until the service is restarted. The vulnerability is not listed in the CISA KEV catalog, indicating that no active exploitation in the wild had been publicly reported at the time of this analysis.
OpenCVE Enrichment